Windows
Analysis Report
https://raw.githubusercontent.com/massgravel/Microsoft-Activation-scriΡts/master/MAS/All-In-One-Version/MAS_1.5_AIO_CRC32_21D20776.cmd
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- cmd.exe (PID: 6840 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/master/MAS/All-In-One-Version/MAS_1.5_AIO_CRC32_21D20776.cmd" > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
  - conhost.exe (PID: 6880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - wget.exe (PID: 6916 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://raw.githubusercontent.com/massgravel/Microsoft-Activation-Scripts/master/MAS/All-In-One-Version/MAS_1.5_AIO_CRC32_21D20776.cmd" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
- cmd.exe (PID: 4816 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\download\MAS_1.5_AIO_CRC32_21D20776.cmd" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - conhost.exe (PID: 5860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - cmd.exe (PID: 4368 cmdline: C:\Windows\system32\cmd.exe /c ver MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - reg.exe (PID: 5608 cmdline: reg query "HKCU\Console" /v ForceV2 MD5: E3DACF0B31841FA02064B4457D44B357)
  - find.exe (PID: 1988 cmdline: find /i "0x0" MD5: 4B843EB20A160AC7E9217F9CD64DB6BA)
  - cmd.exe (PID: 6352 cmdline: C:\Windows\system32\cmd.exe /c echo prompt $E | cmd MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - cmd.exe (PID: 6348 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - cmd.exe (PID: 6364 cmdline: cmd MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - cmd.exe (PID: 2492 cmdline: C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\user\Desktop\download\MAS_1.5_AIO_CRC32_21D20776.cmd" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - find.exe (PID: 5248 cmdline: find /i "C:\Users\user\AppData\Local\Temp" MD5: 4B843EB20A160AC7E9217F9CD64DB6BA)
  - reg.exe (PID: 6192 cmdline: reg query HKU\S-1-5-19 MD5: E3DACF0B31841FA02064B4457D44B357)
  - cmd.exe (PID: 6232 cmdline: C:\Windows\system32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - reg.exe (PID: 5124 cmdline: reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop MD5: E3DACF0B31841FA02064B4457D44B357)
  - mode.com (PID: 6564 cmdline: mode 76, 30 MD5: 1A3D2D975EB4A5AF22768F1E23C9A83C)
  - choice.exe (PID: 5644 cmdline: choice /C:12345678 /N MD5: EA29BC6BCB1EFCE9C9946C3602F3E754)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_PowershellDedcodeAndExecute | Yara detected Powershell dedcode and execute | Joe Security |
There are no malicious signatures.
Source: | Author: James Pemberton / @4A616D6573: |
Source: | Author: frack113: |
Source: | HTTPS traffic detected: |
Source: | Binary string: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | HTTPS traffic detected: |
Source: | Process created: |
Source: | Key opened: |
Source: | Classification label: |
Source: | Process created: | |||
Source: | Mutant created: | ||
Source: | File read: |
Source: | File created: |
Source: | Window detected: |
Source: | Binary string: |
Persistence and Installation Behavior |
---|
Source: | Process created: | |||
Source: | Process information set: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | File source: |
Source: | Process created: | |||
Source: | Queries volume information: |
Source: | Key value queried: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Command and Scripting Interpreter | Path Interception | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 12 System Information Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Remote System Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Modify Registry | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
raw.githubusercontent.com | 185.199.109.133 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown | ||
false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.199.109.133 | raw.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 606106 |
Start date and time: | 2022-04-09 02:38:03 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | urldownload.jbs |
Sample URL: | https://raw.githubusercontent.com/massgravel/Microsoft-Activation-scriΡts/master/MAS/All-In-One-Version/MAS_1.5_AIO_CRC32_21D20776.cmd |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 41 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.evad.win@32/3@1/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, go.microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 3377 |
Entropy (8bit): | 3.1414651526682564 |
Encrypted: | false |
SSDEEP: | 24:kMGKzSvTVOHMGjMGhXvMGjMGzA6xePgmutOBKROGeUXDBjpqQ9+NQlo1xEF:3vzSxx5x76UutuahXDBjVbwxEF |
MD5: | 9DE96F4AC63C4758593982573EE736B9 |
SHA1: | 44ABE04109C98BED3F7160BEEE64ECCB1DF0EA06 |
SHA-256: | F9AD74F05A7F23775A78A00B55BC4D807F9BEB924BFD0543D5AACEE88D0B4DFC |
SHA-512: | 4C9C99F4329EBC9E6397C5BC9F512DB9F1468B5B49135652D3620A4C5EB552EB7D61CBDDA6FAF1AA16481A27A9EA7106C62AB0AA2B8FE850D3E8EB56CDD42901 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\wget.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1790983 |
Entropy (8bit): | 6.539145168207634 |
Encrypted: | false |
SSDEEP: | 24576:xI3OiPLyZpRvavXZGkRaOGTOzdutMO+pixuOSOihJv0bXuFH9:SNj6qbGTOXqSfLvH9 |
MD5: | A0F1C3AA3CD2380B669F77F3B8BAC024 |
SHA1: | 4D11828CAC7728E25F6E2D1E76553D779D4A33FF |
SHA-256: | 0271E8F4113A31D688668D0E3BC7D06C525CF082930A8930273D5D9A69CE981D |
SHA-512: | 5A61B2AA6FFCB551760DEC584BBE5261449200C2D0F34389AF7879FE8F9DD6AB7BBFAC3A7EA902E5231C9747CEB29118E02CD49ED535E634B7D79D3368FBC556 |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\reg.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 281 |
Entropy (8bit): | 4.699912536640889 |
Encrypted: | false |
SSDEEP: | 3:+v8bH5IU6UcqWuRBkH5IU6UcJE5H5IU6UctS1op8bH5IU6Ucnde+vkH5IU6UcZfl:rbtWUkWe+SiSbsdFc+pk5RUpkI9+6 |
MD5: | 3561DC0B7AD3265A3AAD06F44FE9F3C8 |
SHA1: | 003022B9F13F4E9CF54DC6105C170086AA970A01 |
SHA-256: | 598E92B6694442828776DD0562DCE7121413A19F1647904CA1EA72D5F85D4C9F |
SHA-512: | 67CCCB782706DBCB78F25957882792EB5ECF78E0BE834F719772A7F5625FC75335745A5171D4641B99A4C99427A04862D9AF6EBB16944673016CF41FA26AB804 |
Malicious: | false |
Reputation: | low |
Preview: |
Apr 9, 2022 02:39:02.107985973 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.108001947 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.108025074 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.108047962 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.108124971 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.108185053 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.147840977 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.147862911 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.148000956 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.155925035 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.155937910 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.155961037 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.155981064 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.156061888 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.156132936 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.171524048 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.171540976 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.171729088 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.179826975 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.179841995 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.179862022 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.179876089 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.180202007 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.198214054 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.198247910 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.198412895 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.205985069 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.206000090 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.206021070 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.206038952 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.206101894 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.206176043 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.235814095 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.235853910 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.236011982 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.259115934 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.259150982 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.259185076 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.259212971 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.259294987 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.259309053 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.259344101 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.278146029 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.278176069 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.278312922 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.284019947 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.284055948 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.284085989 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.284131050 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.284158945 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.284224987 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.284252882 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.298469067 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.298507929 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.298652887 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.308136940 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.308151960 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.308171988 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.308197021 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.308258057 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.308320045 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.322678089 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.322706938 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.322838068 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.332978010 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.333002090 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.333025932 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.333046913 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.333105087 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.333156109 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.333194017 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.384161949 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.384202003 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.384345055 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.392945051 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.392978907 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.393008947 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.393030882 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.393131018 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.393162966 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.409674883 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.409713030 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.409872055 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.421974897 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.422009945 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.422055960 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.422076941 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.422137976 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.422194958 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.443799019 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.443837881 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.444025040 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.472826958 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.472861052 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.472888947 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.472908974 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.472985029 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.473052979 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.486164093 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.486202955 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.486346960 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.491791964 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.491826057 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.491858006 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.491875887 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.491956949 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.492017984 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.519237041 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.519275904 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.519422054 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.528400898 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.528435946 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.528505087 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.528527021 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.528589964 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.528647900 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.542356968 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.542396069 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.542645931 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.549427032 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.549460888 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.549494028 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.549504995 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.549725056 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.563061953 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.563101053 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.563283920 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.571587086 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.571621895 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.571690083 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.571712971 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.571830034 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.571902990 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.599107981 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.599147081 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.599315882 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.606336117 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.606369972 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.606399059 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Apr 9, 2022 02:39:02.606498003 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.606550932 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.621124029 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.626585007 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.662775993 CEST | 49716 | 443 | 192.168.2.3 | 185.199.109.133 |
Apr 9, 2022 02:39:02.662816048 CEST | 443 | 49716 | 185.199.109.133 | 192.168.2.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 9, 2022 02:39:01.093676090 CEST | 57421 | 53 | 192.168.2.3 | 8.8.8.8 |
Apr 9, 2022 02:39:01.113818884 CEST | 53 | 57421 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 9, 2022 02:39:01.093676090 CEST | 192.168.2.3 | 8.8.8.8 | 0x6153 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 9, 2022 02:39:01.113818884 CEST | 8.8.8.8 | 192.168.2.3 | 0x6153 | No error (0) | | | 185.199.109.133 | A (IP address) | IN (0x0001) |
Apr 9, 2022 02:39:01.113818884 CEST | 8.8.8.8 | 192.168.2.3 | 0x6153 | No error (0) | | | 185.199.110.133 | A (IP address) | IN (0x0001) |
Apr 9, 2022 02:39:01.113818884 CEST | 8.8.8.8 | 192.168.2.3 | 0x6153 | No error (0) | | | 185.199.108.133 | A (IP address) | IN (0x0001) |
Apr 9, 2022 02:39:01.113818884 CEST | 8.8.8.8 | 192.168.2.3 | 0x6153 | No error (0) | | | 185.199.111.133 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49716 | 185.199.109.133 | 443 | C:\Windows\SysWOW64\wget.exe |
Target ID: | 0 |
Start time: | 02:38:59 |
Start date: | 09/04/2022 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc20000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 1 |
Start time: | 02:39:00 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 2 |
Start time: | 02:39:00 |
Start date: | 09/04/2022 |
Path: | C:\Windows\SysWOW64\wget.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 3895184 bytes |
MD5 hash: | 3DADB6E2ECE9C4B3E1E322E617658B60 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 3 |
Start time: | 02:39:04 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e1f60000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 4 |
Start time: | 02:39:05 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7c9170000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 5 |
Start time: | 02:39:05 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e1f60000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 6 |
Start time: | 02:39:06 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\reg.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61e1e0000 |
File size: | 72704 bytes |
MD5 hash: | E3DACF0B31841FA02064B4457D44B357 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 7 |
Start time: | 02:39:06 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\find.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ac2f0000 |
File size: | 17408 bytes |
MD5 hash: | 4B843EB20A160AC7E9217F9CD64DB6BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 8 |
Start time: | 02:39:09 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e1f60000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 9 |
Start time: | 02:39:09 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e1f60000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 10 |
Start time: | 02:39:10 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e1f60000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 11 |
Start time: | 02:39:10 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e1f60000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 12 |
Start time: | 02:39:10 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\find.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ac2f0000 |
File size: | 17408 bytes |
MD5 hash: | 4B843EB20A160AC7E9217F9CD64DB6BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 13 |
Start time: | 02:39:11 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\reg.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61e1e0000 |
File size: | 72704 bytes |
MD5 hash: | E3DACF0B31841FA02064B4457D44B357 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 14 |
Start time: | 02:39:12 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e1f60000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 15 |
Start time: | 02:39:12 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\reg.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61e1e0000 |
File size: | 72704 bytes |
MD5 hash: | E3DACF0B31841FA02064B4457D44B357 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 16 |
Start time: | 02:39:12 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\mode.com |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7e9390000 |
File size: | 31232 bytes |
MD5 hash: | 1A3D2D975EB4A5AF22768F1E23C9A83C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Target ID: | 17 |
Start time: | 02:39:19 |
Start date: | 09/04/2022 |
Path: | C:\Windows\System32\choice.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b030000 |
File size: | 33280 bytes |
MD5 hash: | EA29BC6BCB1EFCE9C9946C3602F3E754 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |