Edit tour
Windows
Analysis Report
file.exe
Overview
General Information
| Sample Name: | file.exe |
| Analysis ID: | 828778 |
| MD5: | 50b28c8b39d65e49be2873ef4fae4955 |
| SHA1: | a13c4d71e4add3ba31d6d1b10cc927c953676455 |
| SHA256: | 5daeae2494873409b8b59fd1adde883ce972d9a1d9616ce7d9067aaa3527ed7f |
| Tags: | exe |
| Infos: |  |
 | |
Detection
DanaBot
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Yara detected UAC Bypass using CMSTP
Multi AV Scanner detection for submitted file
Yara detected DanaBot stealer dll
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
May use the Tor software to hide its network traffic
Uses 32bit PE files
Yara signature match
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Queries the installation date of Windows
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries information about the installed CPU (vendor, model number etc)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Classification
- System is w10x64
file.exe (PID: 5480 cmdline: C:\Users\u ser\Deskto p\file.exe MD5: 50B28C8B39D65E49BE2873EF4FAE4955) 
rundll32.exe (PID: 780 cmdline: C:\Windows \system32\ rundll32.e xe C:\User s\user\App Data\Local \Temp\Wtoa hoepfise.d ll,start MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - rundll32.exe (PID: 3144 cmdline:
"C:\Window s\system32 \rundll32. exe" "C:\W indows\sys tem32\shel l32.dll",# 61 25064 MD5: 73C519F050C20580F8A62C849D49215A)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| DanaBot | Proofpoints describes DanaBot as the latest example of malware focused on persistence and stealing useful information that can later be monetized rather than demanding an immediate ransom from victims. The social usering in the low-volume DanaBot campaigns we have observed so far has been well-crafted, again pointing to a renewed focus on quality over quantity in email-based threats. DanaBots modular nature enables it to download additional components, increasing the flexibility and robust stealing and remote monitoring capabilities of this banker. |
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_DanaBot_stealer_dll_1 | Yara detected DanaBot stealer dll | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
| JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | ||
| Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
| |
| JoeSecurity_DanaBot_stealer_dll_1 | Yara detected DanaBot stealer dll | Joe Security | ||
| JoeSecurity_DanaBot_stealer_dll_1 | Yara detected DanaBot stealer dll | Joe Security | ||
| Click to see the 2 entries | ||||
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Joe Sandbox ML: | ||
Exploits | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Compliance | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 11_2_000002633C903DD0 | |
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
Networking | |
|---|
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
E-Banking Fraud | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 11_2_000002633C9038A0 | |
| Source: | Binary or memory string: | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Window detected: | ||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 11_2_000002633C8F3244 | |
| Source: | Code function: | 11_2_00652B94 | |
| Source: | Static PE information: | ||
| Source: | Code function: | 11_2_00650244 | |
| Source: | File created: | Jump to dropped file | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | Binary or memory string: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | RDTSC instruction interceptor: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Code function: | 11_2_000002633C903DD0 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 11_2_00650244 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Thread register set: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 11_2_000002633C903F80 | |
| Source: | Code function: | 11_2_000002633C903030 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Registry key value queried: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Native API | Path Interception | 22 Process Injection | 21 Virtualization/Sandbox Evasion | OS Credential Dumping | 111 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 22 Process Injection | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Multi-hop Proxy | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Rundll32 | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | 2 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 132 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | 1 Proxy | Jamming or Denial of Service | Abuse Accessibility Features |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 41% | ReversingLabs | |||
| 41% | Virustotal | Browse | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
⊘No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| low | ||
| false |
| low | ||
| false |
| low |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.234.147.45 | unknown | Canada | 30407 | VELCOMCA | true | |
| 188.191.106.71 | unknown | Ukraine | 51824 | ALTERNATIVA-NETUA | true | |
| 104.234.11.33 | unknown | Canada | 30407 | VELCOMCA | true | |
| 62.101.147.99 | unknown | Bosnia and Herzegowina | 15584 | SIAGSIAGAutonomousSystemIT | true | |
| 23.254.226.136 | unknown | United States | 54290 | HOSTWINDSUS | true |
| IP |
|---|
| 127.0.0.1 |
| Joe Sandbox Version: | 37.0.0 Beryl |
| Analysis ID: | 828778 |
| Start date and time: | 2023-03-17 15:06:35 +01:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 14m 58s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Run name: | Run with higher sleep bypass |
| Number of analysed new started processes analysed: | 15 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample file name: | file.exe |
| Detection: | MAL |
| Classification: | mal100.troj.expl.evad.winEXE@5/17@0/6 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: | Failed |
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): fs.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtEnumerateValueKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
⊘No simulations
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.3151301360601804 |
| Encrypted: | false |
| SSDEEP: | 12:Ef/rStV26URq6PGcaPQWeMbli6WJC+wlFVeIiN:EbaM/Rq6zaoFMblizC+wlFxiN |
| MD5: | D315BBD6C07DC1ED22A3684F52483A6D |
| SHA1: | 06E68CCEA1F867134A3C83BE8668AD8C45595977 |
| SHA-256: | B7221026886427D7929688F34612FBF9411CFD81D8E2B24C38A0DDB6DFAC004E |
| SHA-512: | 6411B88E0792640672F5390749BC26B11B6AD3DEE0B773BB588D73062745C2B268CBF5AEAB3A973553EF92BFFDA93A3875A15FC93622736E7DCC92706A16DDD8 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.311753328157029 |
| Encrypted: | false |
| SSDEEP: | 12:M9x9vv3LVSEQAHr83WzWFzq9Iz/YWAn7xkVhFpn:Wxpv3LEEQAL8msY4An7gp |
| MD5: | 357E55354037B178B5BF3692C4CEDC70 |
| SHA1: | 8ABDEE46A1A718AB9821B8AD86BD47B1FC9BCD32 |
| SHA-256: | 52769128B7719BC902B41AAFC3B85409A9C55345F8EC085A5E7FB644B916E2B6 |
| SHA-512: | E7715EC83DBFC11A4DA8FB627622418DD36D978B5ED0B64100D61888E6333FB666510761634BC6D103AF553F927D61CA099992A7A15C22197BD88BA98D95E083 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.3155470138134633 |
| Encrypted: | false |
| SSDEEP: | 12:JD2AQyGIc7WfnVUE2eCN4k2Afl6MMa+KhMuxVXDw7xzZT889XSjt8BKXf:JH9c76nVNWyk2C6DN4w7g8dSpOMf |
| MD5: | 77839624A1D796F115767D21E0268757 |
| SHA1: | F78F84F9D06AF0E6C754541426646EC4D99826A6 |
| SHA-256: | B891EB114E8D4419D823F25918727D5AF149E9E086B9B87948FE25D4E66DB260 |
| SHA-512: | 0E42263CE5F90AAD320BCE5F1841CE409F435EE1FC925D8658D3B91EDF015DC6868A844FE3281D8564ED365116F8555C5EEC5278846211B49382454FAE9F01CA |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.300072067403837 |
| Encrypted: | false |
| SSDEEP: | 12:EaBKhUS6mGzA4bBATi8ZmYWkRRn5U9RPSdHxQFCxkciRZh:EaBgOXb0FZmvaK9wR0ckci/h |
| MD5: | EF7482F3687BFE54E204AFC3D2EC635A |
| SHA1: | 04F60A825CF3B04BBA3EBD4927464A9EE25A8775 |
| SHA-256: | E46ABD7A687CA5942A6B18FACFA5A602BD90D9FABAE25AD3434192DFB992C77A |
| SHA-512: | 6D196F448BC2173BAA065A86290105D1268250B1D1ACD75D56E3D4FA2CC64876DB31A05A7796B1A59D2AB8C1CB355FB5D55CE06C69A2F5554BE3BBFB1624C2AD |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.3158789586592814 |
| Encrypted: | false |
| SSDEEP: | 12:OQScbu1icig+NZUDwgrCarZDCGRNdl+UunkfOrSE3g:7bCig+NZCBmqZD1Pl+pk2GEw |
| MD5: | 3B02E0E4DB7F24642C202C963EF249E1 |
| SHA1: | 42EB8CC2A0CA4C5F7A6CDEC66B625DB871A64CFA |
| SHA-256: | 149D4B500F50F2DE19CFD10BD8D749A31C11F6AA7B5856D55D41AD65A628E0D6 |
| SHA-512: | 68C1DB564F2EBF402C292FDA694487EF9F325AB0D084E4924B522ABD28BB4184C4518742BA7E8E8CC1C2602217307D7F2D5BF90C4B6C3CA183E3A2AC362ACB10 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.2937926728841673 |
| Encrypted: | false |
| SSDEEP: | 12:CA5GZwIY8eHWHIGJeKvtG6s0Tik/lwX9cXgPPQ4Nm2U:C2OwH8nLfvtFlik/l0cXgbw |
| MD5: | 787359F4693093607BE5045A51DE329A |
| SHA1: | A56D16736C75D205167B06EB69392B74DCE92F50 |
| SHA-256: | 896636C0FC765E3B67DF4345972A5C9397E30A9B3A1B48A49435F9CDE15501B9 |
| SHA-512: | 32F2F8D7CE1A712A24A280BFDD533A44CE272961D797EBD7445A5D2B67BFDACFBA73D10F8DF7F4A2D33D2A8074CA397DD49E95DC5E1203B5DAF32630084A5B52 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.3148553191029824 |
| Encrypted: | false |
| SSDEEP: | 12:OuLujkW0cRtx0NfYPFCV5JbMJjWy7XRC7S9xqGF4:hLSscRtKJbMJjdRgS9Rq |
| MD5: | 20451171BA7825639D186FD6F2B7948D |
| SHA1: | EC5B7A5A148E8ED60AC7976EE9A81BD2B6BF3400 |
| SHA-256: | C879623E9FFED78E472DD607F2EBC5325B4CC2F6E3ABC3A6D29F7FA325306B52 |
| SHA-512: | F55D049201A3495153718B102E32FE29BBCC1DED95503FDE6BFABD70647A1D73125B033952697131A34AF6BA56A7C4C14608B94441793BCC5109B863E437AAF0 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.307847060856634 |
| Encrypted: | false |
| SSDEEP: | 12:xGjt1CEcZODscc8o3zewlP7ICI6Wr5xuBsTFxtUE:xC1CDZOu80JlP7IkExuBsTaE |
| MD5: | 5734E4514027B05DD736030A1E41A6CF |
| SHA1: | F2EA70B9DAA509ACBE8A4A884B2CE92CC72FDFAE |
| SHA-256: | 6A6A813A7378F61D2E81D58E288ABD128682E6F4CA991D3C6360FFD87CCAA304 |
| SHA-512: | D09BC706C29A41E631EFC7AD6D78DC8F5638D2C8DE2625A7B756CE54B0B3A05B4D727FCF7A1E58087DE4F1953116FE089CC1E26BA2A3E1D34242ED34D126649E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.312170993908825 |
| Encrypted: | false |
| SSDEEP: | 12:i3+E+aAU4z1cXRQp1kqFkXEgc40nIrzLAlbUK3TDSfWa3GGH:iRv9cpqDKjuf1 |
| MD5: | BA112DE28362D28B6F3BCADAA3D26AE0 |
| SHA1: | 6DB575E3202E10D21C7CE9EC7CE27F706DBB0140 |
| SHA-256: | 0C885A0F845AE08521D522C428FE8A72FE962A8C76395ACF02239C2C938113F6 |
| SHA-512: | 3FE44F20655699205D795D07B99F393BBB9A16E19BD6236649A5D19A1A05853F1F36F6F8716BDC97B748E4C4475D2ED9F922FB120E945260C56CE781A6E1AD15 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.314096750692521 |
| Encrypted: | false |
| SSDEEP: | 12:vWJYV0r14UzWcWdchpz6MdNqRG6eLqQk0Ec1TUU3eB3dNF+:vWyCwndUeUqRFeWKEc1Mti |
| MD5: | 2A690FFB2013D85D0A4FC611FEFA67B0 |
| SHA1: | E3F03335B692561DFAB67F5B875FEC2A9F644026 |
| SHA-256: | 35F536430DB2EC26BF80FC7EEE116EA131F1E891A76BC3E62ABC456953E1CCF5 |
| SHA-512: | C9174F2A80A398CD74460A4F686FB34FCC2C7FA58A5237D6776476422F90D2F5614B0BC0CBD139EE90326F3B60587E42FF9102CB8CFCCDF1EC8E3E45481A3E8A |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.3163379792512835 |
| Encrypted: | false |
| SSDEEP: | 12:kFF8iG+KMQJIBle92Ly850uz1EKPjT/dVyy2yl:kFTPKGBle9uy8H1hjTVVyy2g |
| MD5: | 05E71B5865B863DF32EF7055CD0AC07C |
| SHA1: | 28CEA4AE1FBE4DBF4DDA46BFFF232CFBB0A89D2C |
| SHA-256: | 68731EAF8336EF5BC79BD720F6F849E7BB14D9A212FF73E03E58E3863F9F6C15 |
| SHA-512: | 4CA7C8A49D9580D32593F5C7E44313189AAEA7A417F590FB01786865C986074118D61597855300CDCB9C0C6BF580E11AD29CF4FA1D7B4E236E49A16D5ABEA0A9 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.3077167534558654 |
| Encrypted: | false |
| SSDEEP: | 12:0gAUfBRbF8d6kpEL6pP263HT5/sOdSN88Sgir4rLI5Gpx0WA1:0fsv8d/pPTT5/FArStr1Gz0f1 |
| MD5: | 3B5349B073158FF83C06E4F290EA7CDC |
| SHA1: | AD3349ABE99E6B7187B2852FBA521CD794EBB3C4 |
| SHA-256: | 8534F15A3A0DBD7CC0BF25290C45869EDE2E0E9E3E148F155CED2177A4258175 |
| SHA-512: | E319ECA1EE197C0D6601B17E5A23D93862AE8050686D40125750808C12DD7DF3481965A66F0C7538D23986FA201A1C52561381A611B6C33135CBAF2333CC17AD |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.3038147670190186 |
| Encrypted: | false |
| SSDEEP: | 12:OW0hDGmeOWPCRA0RurmaZCpTcg3QhHtaBRk8JPLscqN9zLgocT9:90hCNOWP7CaUpIgI4TnoN9zLgJT9 |
| MD5: | E2D53CBA553B6CCF9BD71A59C8884891 |
| SHA1: | 38DB1A8461399D0F865B0805280A60FD8D0A72DD |
| SHA-256: | A2C3BED45CFC54DAD10657F4AF93C08B7ED210C8CE42A78C3DCE972D2B8464CE |
| SHA-512: | 5F6162227657156C8B018C170ABF5EFC08A01F18A827662A1FF012142230CD93844A30A04BDC19EBE425DBB42B50A77CADA50CE1C7CA06789C9E8DB7BF21703E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.317732945070744 |
| Encrypted: | false |
| SSDEEP: | 12:cTGTcwZEHIHlCFRchgsQXaILTEo+CKV+hwccHKNXYWBAKO3cdFbG:OEvENIFQXazriJeaAKOsG |
| MD5: | A2C3D7EE1699E599C3E06B4C73912E34 |
| SHA1: | F50646E69321B96A195D416F5298F43041711820 |
| SHA-256: | C66D4C20E2D789280A16BACA31F2D85C1B93B24E55EA4E2B1EE2C556E52C6201 |
| SHA-512: | D4ADF1C9A842EE7F63F3AEDAD868314289292C5B889B5EDB766F829D8A432EED20F34E858FE6813A2861964982EB62B7EDA3ABC1527685E2048D79CAFACC11A3 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 500 |
| Entropy (8bit): | 3.2956328098424414 |
| Encrypted: | false |
| SSDEEP: | 12:5BnvQ+WWepcRxIxkw7RNaqi3bJ/S2lIgFhKvC3yFxCRBWuFC:vbWhpcQTRNaqi3bVSSIgFhSC3yFIRBWB |
| MD5: | F126468A1C1065375F1E21A75465F782 |
| SHA1: | 2AEACA0B22F9761338CC6DB8CC0B10DAB570DA24 |
| SHA-256: | 1FAB0042BB1215EA45DBE8900022E1AD592B0E4E84BDAAF4C6606A2BBD030EED |
| SHA-512: | 8DD14BF081DB59C9C165A0F7E75DCDCFB8754EE66CAE63C13F7B16A1DB05CB74D69ABD544DEB7820EFB5A5452E55FA3C17BFA34807A449EF1073EF284A83ECF4 |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Windows\SysWOW64\rundll32.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3667248 |
| Entropy (8bit): | 7.999940082060493 |
| Encrypted: | true |
| SSDEEP: | 98304:Ayq8O7XScy/L3Vp8Zauw762ERQKirE4GqD4ZqWQZl:nYXmL3VpGwBxfX4QZl |
| MD5: | 68789879BE387FF36958C98E54ED6CD3 |
| SHA1: | 1DD1083A676214A57AF9E8C31CB00EEC8417AA2D |
| SHA-256: | 34DB9FDF30554009FF3FD5F65FE7DA13377355FC507CCB42EADB1FB544502DFB |
| SHA-512: | AEDAA065DB7661902BE2B6802D8F7A49BC49ECE1AB6E7C72B5EE96B5267D311B0626A1708DAFBA852E6BC5ADBDB7F32215225C488FEB31CCF52D66277A16698E |
| Malicious: | false |
| Reputation: | unknown |
| Preview: |
| Process: | C:\Users\user\Desktop\file.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3391488 |
| Entropy (8bit): | 6.485916340895372 |
| Encrypted: | false |
| SSDEEP: | 98304:zH2ZSYRBGBc/kmdCMoEb2Byk8FOTNFMCBEp5X:zHESYfQc/kmdCMoEb2Byk885F7BEph |
| MD5: | 863D9D2A5A4E70CF4B22EBA730B43681 |
| SHA1: | 0D179192FBBF6F7C3FEE3F174EADC03DF3A1A792 |
| SHA-256: | 12868680DC13552C927A5CD95740B08D1825B1398B9CE32EFDFCB904F0477A9B |
| SHA-512: | AD5D28FF196755F03C65BC516BECF8433D1FE21BC7CF6165C61D8E7A4ADB07354E55CA6EA828072DB4591A7F6C9774BFD670B0D4E75227918828238D2D37A0D5 |
| Malicious: | true |
| Yara Hits: |
|
| Reputation: | unknown |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.919750342433978 |
| TrID: |
|
| File name: | file.exe |
| File size: | 2806272 |
| MD5: | 50b28c8b39d65e49be2873ef4fae4955 |
| SHA1: | a13c4d71e4add3ba31d6d1b10cc927c953676455 |
| SHA256: | 5daeae2494873409b8b59fd1adde883ce972d9a1d9616ce7d9067aaa3527ed7f |
| SHA512: | 2a657fbf951738e5f96cc7095e6d5b6983afcde20e4ce9c4f1c3043e97617d547a37165f51cf7ec382f2744d206f997a90c7b579953bf4722b4a3ba2f268caf9 |
| SSDEEP: | 49152:4kKEnVVYyTxwZCpm/roseFEFhuhLmHGugnc4tNz+EldRXDZU6hKtAV7hh:4tEVimeYpm/rostFwYHNgnhmKULAV |
| TLSH: | 46D52203C6E17C85DA258B73AE1EC2E4B61DB5A1CF1877F62368DE2B05B10B2D173616 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........I...(...(...(...zB..(...zS..(...zT..(.......(...(...(...z]..(...zC..(...zF..(..Rich.(..........PE..L......a.................J( |
 | |
| Icon Hash: | a4a4a494a4a4a4e0 |
| Entrypoint: | 0x40698e |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x61C2FDCE [Wed Dec 22 10:28:30 2021 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e363d5da20c70258bd1c7ee5e97f31ef |
| Instruction |
|---|
| call 00007F68A0C9F5D7h |
| jmp 00007F68A0C9AEFEh |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| push ecx |
| push ebx |
| push esi |
| push edi |
| push dword ptr [02D35B68h] |
| call 00007F68A0C9F06Ch |
| push dword ptr [02D35B64h] |
| mov edi, eax |
| mov dword ptr [ebp-04h], edi |
| call 00007F68A0C9F05Ch |
| mov esi, eax |
| pop ecx |
| pop ecx |
| cmp esi, edi |
| jc 00007F68A0C9B109h |
| mov ebx, esi |
| sub ebx, edi |
| lea eax, dword ptr [ebx+04h] |
| cmp eax, 04h |
| jc 00007F68A0C9B0F9h |
| push edi |
| call 00007F68A0C9F705h |
| mov edi, eax |
| lea eax, dword ptr [ebx+04h] |
| pop ecx |
| cmp edi, eax |
| jnc 00007F68A0C9B0CAh |
| mov eax, 00000800h |
| cmp edi, eax |
| jnc 00007F68A0C9B084h |
| mov eax, edi |
| add eax, edi |
| cmp eax, edi |
| jc 00007F68A0C9B091h |
| push eax |
| push dword ptr [ebp-04h] |
| call 00007F68A0C9F693h |
| pop ecx |
| pop ecx |
| test eax, eax |
| jne 00007F68A0C9B098h |
| lea eax, dword ptr [edi+10h] |
| cmp eax, edi |
| jc 00007F68A0C9B0C2h |
| push eax |
| push dword ptr [ebp-04h] |
| call 00007F68A0C9F67Dh |
| pop ecx |
| pop ecx |
| test eax, eax |
| je 00007F68A0C9B0B3h |
| sar ebx, 02h |
| push eax |
| lea esi, dword ptr [eax+ebx*4] |
| call 00007F68A0C9EF77h |
| pop ecx |
| mov dword ptr [02D35B68h], eax |
| push dword ptr [ebp+08h] |
| call 00007F68A0C9EF69h |
| mov dword ptr [esi], eax |
| add esi, 04h |
| push esi |
| call 00007F68A0C9EF5Eh |
| pop ecx |
| mov dword ptr [02D35B64h], eax |
| mov eax, dword ptr [ebp+08h] |
| pop ecx |
| jmp 00007F68A0C9B084h |
| xor eax, eax |
| pop edi |
| pop esi |
| pop ebx |
| leave |
| ret |
| mov edi, edi |
| push esi |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x284f6c | 0x50 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2937000 | 0x1af20 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2952000 | 0xd0c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x11f0 | 0x1c | .text |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x2db8 | 0x18 | .text |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2d70 | 0x40 | .text |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x194 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x284884 | 0x284a00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x286000 | 0x26b0ca8 | 0x3e00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x2937000 | 0x1af20 | 0x1b000 | False | 0.4055808738425926 | data | 4.408346862958102 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x2952000 | 0x9444 | 0x9600 | False | 0.07703125 | data | 0.9667957712228643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_CURSOR | 0x2950a70 | 0x330 | Device independent bitmap graphic, 48 x 96 x 1, image size 0 | ||
| RT_CURSOR | 0x2950da0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | ||
| RT_ICON | 0x2937990 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x2938838 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x29390e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x29397a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x2939d10 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x293c2b8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x293d360 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x293d830 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Serbian | Italy |
| RT_ICON | 0x293e6d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Serbian | Italy |
| RT_ICON | 0x293ef80 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Serbian | Italy |
| RT_ICON | 0x293f648 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Serbian | Italy |
| RT_ICON | 0x293fbb0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Serbian | Italy |
| RT_ICON | 0x2942158 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Serbian | Italy |
| RT_ICON | 0x2943200 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Serbian | Italy |
| RT_ICON | 0x2943b88 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Serbian | Italy |
| RT_ICON | 0x2944068 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x2944f10 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x29457b8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x2945d20 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x29482c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x2949370 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x2949cf8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x294a1c8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x294b070 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x294b918 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x294bfe0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Serbian | Italy |
| RT_ICON | 0x294c548 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x294eaf0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x294fb98 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Serbian | Italy |
| RT_ICON | 0x2950520 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Serbian | Italy |
| RT_DIALOG | 0x29510e0 | 0x86 | data | ||
| RT_STRING | 0x2951168 | 0x466 | data | ||
| RT_STRING | 0x29515d0 | 0x2ba | data | ||
| RT_STRING | 0x2951890 | 0x4bc | data | ||
| RT_STRING | 0x2951d50 | 0x1ce | data | ||
| RT_ACCELERATOR | 0x2950a00 | 0x48 | data | Serbian | Italy |
| RT_ACCELERATOR | 0x2950a48 | 0x18 | data | Serbian | Italy |
| RT_GROUP_CURSOR | 0x2950ed0 | 0x22 | data | ||
| RT_GROUP_ICON | 0x294a160 | 0x68 | data | Serbian | Italy |
| RT_GROUP_ICON | 0x293d7c8 | 0x68 | data | Serbian | Italy |
| RT_GROUP_ICON | 0x2943ff0 | 0x76 | data | Serbian | Italy |
| RT_GROUP_ICON | 0x2950988 | 0x76 | data | Serbian | Italy |
| RT_VERSION | 0x2950ef8 | 0x1e4 | data | ||
| None | 0x2950a60 | 0xa | data |
| DLL | Import |
|---|---|
| KERNEL32.dll | CallNamedPipeW, FreeEnvironmentStringsA, GetConsoleAliasesA, GetWindowsDirectoryA, LoadLibraryW, GetStringTypeExW, GetExitCodeProcess, lstrcpynW, GetFileAttributesW, LocalReAlloc, WriteConsoleW, GetBinaryTypeW, MultiByteToWideChar, SetLastError, GetProcAddress, VirtualAlloc, EnumSystemCodePagesW, GlobalAddAtomA, LocalAlloc, GetFileType, CreateHardLinkW, CreateEventW, OpenJobObjectW, FindAtomA, GetStringTypeW, EnumDateFormatsW, DeleteTimerQueueTimer, GetPrivateProfileSectionW, OpenFileMappingA, LCMapStringW, CloseHandle, CreateFileA, FlushFileBuffers, GetConsoleOutputCP, InterlockedIncrement, InterlockedDecrement, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetLastError, HeapFree, RtlUnwind, RaiseException, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, HeapAlloc, SetHandleCount, GetStdHandle, GetStartupInfoA, GetModuleHandleW, ExitProcess, WriteFile, GetModuleFileNameA, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, HeapSize, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetLocaleInfoA, GetStringTypeA, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, InitializeCriticalSectionAndSpinCount, LoadLibraryA, LCMapStringA, SetStdHandle, WriteConsoleA |
| USER32.dll | CreateMDIWindowW, NotifyWinEvent, InvalidateRgn, LoadMenuW, GetMenuInfo, ScreenToClient |
| GDI32.dll | GetGlyphIndicesA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Serbian | Italy |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 17, 2023 15:07:47.674309969 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:47.674376011 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:47.674463987 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:47.712168932 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:47.712208986 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:51.885109901 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:51.885251999 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:53.205209017 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:53.205292940 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:53.205881119 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:53.205952883 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:53.312167883 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:53.312201977 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:53.871206045 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:53.871309996 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:53.871386051 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:53.871412039 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:53.871519089 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:53.871520042 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:53.871536016 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:53.873703003 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.016601086 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.016643047 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.016839027 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.016896963 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.017010927 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.160706043 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.160928011 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.161397934 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.161499023 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.161530972 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.161567926 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.161613941 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.161628008 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.161658049 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.161678076 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.305035114 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.305075884 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.305174112 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.305243969 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.305258036 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.305290937 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.305316925 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.305361986 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.305521011 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.305552006 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.305627108 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.305643082 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.305680990 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.305689096 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.306534052 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.306565046 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.306684971 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.306715965 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.306773901 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.306915045 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.306950092 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.307035923 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.307044983 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.307097912 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.307122946 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.450001001 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.450045109 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.450160980 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.450244904 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.450247049 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.450294971 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.450319052 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.450365067 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.450418949 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.450572968 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.450611115 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.450676918 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.450710058 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.450756073 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.450790882 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.451266050 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.451333046 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.451386929 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.451406956 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.451440096 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.451461077 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.451646090 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.451687098 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.451735020 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.451751947 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.451793909 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.451807976 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.451828957 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.451863050 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.451911926 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.451925993 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.451945066 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.451978922 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.452514887 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.452619076 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.452625990 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.452646017 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.452708006 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.452729940 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.452805042 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.452847004 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.452909946 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.452924967 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.452949047 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.452971935 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.453196049 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.453286886 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.453356981 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.453433990 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.453440905 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.453476906 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.453661919 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.453694105 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.453746080 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.453761101 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.453782082 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.453803062 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.595136881 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.595242023 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.595382929 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.595424891 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.595479965 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.596362114 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.597549915 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.597620010 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.597712040 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.597742081 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.597762108 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.597796917 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.597862959 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.597918987 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.597960949 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.597973108 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.597995996 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.598025084 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.598242998 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.598295927 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.598340034 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.598354101 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.598388910 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.598401070 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.598628044 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.598685026 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.598740101 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.598753929 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.598789930 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.598818064 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.598998070 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.599056005 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.599087000 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.599098921 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.599119902 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.599153042 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.599373102 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.599425077 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.599466085 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.599478960 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.599497080 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.599525928 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.599720001 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.599776030 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.599797010 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.599808931 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.599845886 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.599858046 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.600151062 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.600204945 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.600263119 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.600279093 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.600311041 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.600339890 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.600476980 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.600532055 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.600574017 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.600588083 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.600632906 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.600666046 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.600924969 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.600979090 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.601022005 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.601043940 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.601068974 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.601099968 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.601238012 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.601299047 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.601327896 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.601341009 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.601363897 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.601392984 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.601618052 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.601670980 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.601716042 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.601752043 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.810718060 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.810868979 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.938152075 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.938200951 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.938235044 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.938252926 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.938635111 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.938657045 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.938708067 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.938741922 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.938961983 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.938977957 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.939177036 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.939285994 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.939306021 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.939397097 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.940915108 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.940943956 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:54.941319942 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:54.941319942 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.150723934 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.151452065 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.151479959 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.151515007 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.151549101 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.151578903 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.151608944 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.151668072 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.151705027 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.151715040 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.151748896 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.151787996 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.151837111 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.151885033 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.151936054 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.151969910 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.152014017 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.152054071 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.152093887 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.152128935 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.152165890 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.152179003 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.152208090 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.152381897 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.358724117 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.359227896 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.382538080 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.382574081 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.382595062 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.382844925 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.383972883 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.383999109 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384016991 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384028912 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384036064 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384151936 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384167910 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384211063 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384227037 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384236097 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384280920 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384321928 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384322882 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384335041 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384357929 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384370089 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384370089 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384392023 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384428978 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384433031 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384433031 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384450912 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384478092 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384592056 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384592056 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384592056 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384592056 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384592056 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384608984 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384638071 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384638071 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384641886 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384685040 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384689093 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384726048 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384726048 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384738922 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.384784937 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384963989 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.384963989 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385078907 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385078907 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385078907 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385078907 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385149956 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.385212898 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385212898 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385212898 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385212898 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385241032 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385247946 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.385309935 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385309935 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385447025 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385447025 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385447025 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385530949 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385530949 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385552883 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385590076 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385637999 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385663033 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385694981 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.385731936 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.590718985 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.592775106 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710340023 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710366011 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710383892 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710400105 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710443020 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710457087 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710546970 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710556984 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710586071 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710592985 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710617065 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710623026 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710658073 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710664034 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710675955 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710712910 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710720062 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710736990 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710870981 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710879087 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710911989 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710922956 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710946083 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.710952044 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.710993052 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711025953 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711034060 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.711066961 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711101055 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711122990 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.711143017 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711178064 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711184978 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.711215019 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711247921 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711281061 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711287975 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.711318970 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711345911 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711451054 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711493015 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711502075 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.711543083 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711597919 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711613894 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711653948 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711694956 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711733103 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711771011 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711791992 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711797953 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.711842060 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711842060 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711849928 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.711878061 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711909056 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711940050 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711972952 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.711980104 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.712004900 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712039948 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712075949 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712112904 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712120056 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.712148905 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712184906 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712220907 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712258101 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712264061 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.712297916 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712332964 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712368965 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712404013 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712445974 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712451935 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.712480068 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712517023 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712574959 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712593079 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712598085 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.712632895 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712666035 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712701082 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712733984 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712771893 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712800980 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712974072 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712974072 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712974072 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712974072 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.712974072 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713016987 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713016987 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713037014 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713062048 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713093996 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713124990 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713157892 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713186979 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713219881 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713228941 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.713243008 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713284969 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713300943 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713541985 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.713546991 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.713576078 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.713597059 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.713618040 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.713645935 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.714077950 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.714091063 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.717276096 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.727307081 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.727345943 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729232073 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729252100 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729274988 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729321957 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729331970 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729356050 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729384899 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729419947 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729429007 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729451895 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729460001 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729486942 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729522943 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729532003 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729564905 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729599953 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729609966 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729636908 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729676962 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729713917 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729711056 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729743004 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729779005 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729792118 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729815960 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729826927 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729861021 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.729865074 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729907036 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.729935884 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730000019 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730295897 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730345011 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730379105 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730415106 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730451107 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730488062 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730521917 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730556965 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730673075 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730705023 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730750084 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730778933 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730811119 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730844975 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730880976 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730914116 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.730956078 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.755599976 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.755670071 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.757556915 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.757632017 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.758476019 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.758512974 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.760196924 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.760247946 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.764308929 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.764358997 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.764435053 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.764724016 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.764782906 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.765531063 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.791699886 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.791800022 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.791800976 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.791827917 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.791837931 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.791872025 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.791901112 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.792732000 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.792771101 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.792993069 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.792994022 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.793009043 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.793087959 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.797069073 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.797118902 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.797360897 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.797380924 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.797395945 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.797446966 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.803158045 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.803205967 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.804126024 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.804200888 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.805432081 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.805484056 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.805613995 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.805644035 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.805677891 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.805794954 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.805829048 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.807044029 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.807109118 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.807153940 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.807183981 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.807204008 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.807255030 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.808888912 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.808959007 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.808979988 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.809007883 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.809031963 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.809052944 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.810168982 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.810201883 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.810280085 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.810309887 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.810331106 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.810374022 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.811224937 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.811263084 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.811322927 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.811347961 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.811413050 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.812359095 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.812403917 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.814136028 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.814167976 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.815716028 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.825700998 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.825762033 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.825831890 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.825855017 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.826119900 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.826236963 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.826451063 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.826596975 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.827275991 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.827305079 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.827676058 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.827699900 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.827827930 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.827879906 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.864742041 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.864799976 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.865784883 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.865849972 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.867058039 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.867077112 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.867162943 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.867192030 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.867192030 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.867197990 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.867219925 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.867270947 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.867435932 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.868793011 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.868829012 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.870029926 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.870048046 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.870307922 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.899983883 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.900048018 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.900186062 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.900202990 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.900338888 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:55.901189089 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.901228905 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:55.901689053 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:56.106724024 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:56.106820107 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:56.129699945 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:56.129739046 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:56.129787922 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:56.129800081 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:07:56.130008936 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:56.135508060 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:56.135854006 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:56.138937950 CET | 49710 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:07:56.138978004 CET | 443 | 49710 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:09:49.426023006 CET | 49713 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:09:49.426089048 CET | 443 | 49713 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:09:49.426201105 CET | 49713 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:09:50.186454058 CET | 49713 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:09:50.186507940 CET | 443 | 49713 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:09:50.186568022 CET | 443 | 49713 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:09:50.186593056 CET | 49713 | 443 | 192.168.2.6 | 104.234.147.45 |
| Mar 17, 2023 15:09:50.186625957 CET | 443 | 49713 | 104.234.147.45 | 192.168.2.6 |
| Mar 17, 2023 15:09:50.283655882 CET | 49714 | 443 | 192.168.2.6 | 23.254.226.136 |
| Mar 17, 2023 15:09:50.283709049 CET | 443 | 49714 | 23.254.226.136 | 192.168.2.6 |
| Mar 17, 2023 15:09:50.283812046 CET | 49714 | 443 | 192.168.2.6 | 23.254.226.136 |
| Mar 17, 2023 15:09:50.801775932 CET | 49714 | 443 | 192.168.2.6 | 23.254.226.136 |
| Mar 17, 2023 15:09:50.801830053 CET | 443 | 49714 | 23.254.226.136 | 192.168.2.6 |
| Mar 17, 2023 15:09:50.801929951 CET | 49714 | 443 | 192.168.2.6 | 23.254.226.136 |
| Mar 17, 2023 15:09:50.801934004 CET | 443 | 49714 | 23.254.226.136 | 192.168.2.6 |
| Mar 17, 2023 15:09:50.801954031 CET | 443 | 49714 | 23.254.226.136 | 192.168.2.6 |
| Mar 17, 2023 15:09:51.952075958 CET | 49715 | 443 | 192.168.2.6 | 188.191.106.71 |
| Mar 17, 2023 15:09:51.952133894 CET | 443 | 49715 | 188.191.106.71 | 192.168.2.6 |
| Mar 17, 2023 15:09:51.952250004 CET | 49715 | 443 | 192.168.2.6 | 188.191.106.71 |
| Mar 17, 2023 15:09:52.456511974 CET | 49715 | 443 | 192.168.2.6 | 188.191.106.71 |
| Mar 17, 2023 15:09:52.456558943 CET | 443 | 49715 | 188.191.106.71 | 192.168.2.6 |
| Mar 17, 2023 15:09:52.456629038 CET | 49715 | 443 | 192.168.2.6 | 188.191.106.71 |
| Mar 17, 2023 15:09:52.456656933 CET | 443 | 49715 | 188.191.106.71 | 192.168.2.6 |
| Mar 17, 2023 15:09:53.378823996 CET | 49716 | 443 | 192.168.2.6 | 104.234.11.33 |
| Mar 17, 2023 15:09:53.378901958 CET | 443 | 49716 | 104.234.11.33 | 192.168.2.6 |
| Mar 17, 2023 15:09:53.379030943 CET | 49716 | 443 | 192.168.2.6 | 104.234.11.33 |
| Mar 17, 2023 15:09:53.738962889 CET | 49716 | 443 | 192.168.2.6 | 104.234.11.33 |
| Mar 17, 2023 15:09:53.739039898 CET | 443 | 49716 | 104.234.11.33 | 192.168.2.6 |
| Mar 17, 2023 15:09:53.739074945 CET | 49716 | 443 | 192.168.2.6 | 104.234.11.33 |
| Mar 17, 2023 15:09:53.739089966 CET | 443 | 49716 | 104.234.11.33 | 192.168.2.6 |
| Mar 17, 2023 15:09:53.739118099 CET | 443 | 49716 | 104.234.11.33 | 192.168.2.6 |
| Mar 17, 2023 15:10:02.621074915 CET | 49717 | 443 | 192.168.2.6 | 62.101.147.99 |
| Mar 17, 2023 15:10:02.621160984 CET | 443 | 49717 | 62.101.147.99 | 192.168.2.6 |
| Mar 17, 2023 15:10:02.621347904 CET | 49717 | 443 | 192.168.2.6 | 62.101.147.99 |
| Mar 17, 2023 15:10:02.631151915 CET | 49717 | 443 | 192.168.2.6 | 62.101.147.99 |
| Mar 17, 2023 15:10:02.631206989 CET | 443 | 49717 | 62.101.147.99 | 192.168.2.6 |
| Mar 17, 2023 15:10:02.631290913 CET | 443 | 49717 | 62.101.147.99 | 192.168.2.6 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49710 | 104.234.147.45 | 443 | C:\Windows\SysWOW64\rundll32.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2023-03-17 14:07:53 UTC | 0 | OUT | |
| 2023-03-17 14:07:53 UTC | 0 | IN | |
| 2023-03-17 14:07:53 UTC | 0 | IN | |
| 2023-03-17 14:07:54 UTC | 16 | IN | |
| 2023-03-17 14:07:54 UTC | 32 | IN | |
| 2023-03-17 14:07:54 UTC | 48 | IN | |
| 2023-03-17 14:07:54 UTC | 64 | IN | |
| 2023-03-17 14:07:54 UTC | 80 | IN | |
| 2023-03-17 14:07:54 UTC | 96 | IN | |
| 2023-03-17 14:07:54 UTC | 112 | IN | |
| 2023-03-17 14:07:54 UTC | 128 | IN | |
| 2023-03-17 14:07:54 UTC | 144 | IN | |
| 2023-03-17 14:07:54 UTC | 160 | IN | |
| 2023-03-17 14:07:54 UTC | 176 | IN | |
| 2023-03-17 14:07:54 UTC | 192 | IN | |
| 2023-03-17 14:07:54 UTC | 208 | IN | |
| 2023-03-17 14:07:54 UTC | 224 | IN | |
| 2023-03-17 14:07:54 UTC | 240 | IN | |
| 2023-03-17 14:07:54 UTC | 256 | IN | |
| 2023-03-17 14:07:54 UTC | 272 | IN | |
| 2023-03-17 14:07:54 UTC | 288 | IN | |
| 2023-03-17 14:07:54 UTC | 304 | IN | |
| 2023-03-17 14:07:54 UTC | 320 | IN | |
| 2023-03-17 14:07:54 UTC | 336 | IN | |
| 2023-03-17 14:07:54 UTC | 352 | IN | |
| 2023-03-17 14:07:54 UTC | 368 | IN | |
| 2023-03-17 14:07:54 UTC | 384 | IN | |
| 2023-03-17 14:07:54 UTC | 400 | IN | |
| 2023-03-17 14:07:54 UTC | 416 | IN | |
| 2023-03-17 14:07:54 UTC | 432 | IN | |
| 2023-03-17 14:07:54 UTC | 448 | IN | |
| 2023-03-17 14:07:54 UTC | 464 | IN | |
| 2023-03-17 14:07:54 UTC | 480 | IN | |
| 2023-03-17 14:07:54 UTC | 496 | IN | |
| 2023-03-17 14:07:54 UTC | 512 | IN | |
| 2023-03-17 14:07:54 UTC | 528 | IN | |
| 2023-03-17 14:07:54 UTC | 544 | IN | |
| 2023-03-17 14:07:54 UTC | 560 | IN | |
| 2023-03-17 14:07:54 UTC | 576 | IN | |
| 2023-03-17 14:07:54 UTC | 592 | IN | |
| 2023-03-17 14:07:54 UTC | 608 | IN | |
| 2023-03-17 14:07:54 UTC | 624 | IN | |
| 2023-03-17 14:07:54 UTC | 640 | IN | |
| 2023-03-17 14:07:54 UTC | 656 | IN | |
| 2023-03-17 14:07:54 UTC | 672 | IN | |
| 2023-03-17 14:07:54 UTC | 688 | IN | |
| 2023-03-17 14:07:54 UTC | 704 | IN | |
| 2023-03-17 14:07:54 UTC | 720 | IN | |
| 2023-03-17 14:07:54 UTC | 736 | IN | |
| 2023-03-17 14:07:54 UTC | 752 | IN | |
| 2023-03-17 14:07:54 UTC | 768 | IN | |
| 2023-03-17 14:07:54 UTC | 784 | IN | |
| 2023-03-17 14:07:54 UTC | 800 | IN | |
| 2023-03-17 14:07:54 UTC | 816 | IN | |
| 2023-03-17 14:07:54 UTC | 832 | IN | |
| 2023-03-17 14:07:54 UTC | 848 | IN | |
| 2023-03-17 14:07:54 UTC | 864 | IN | |
| 2023-03-17 14:07:54 UTC | 880 | IN | |
| 2023-03-17 14:07:54 UTC | 896 | IN | |
| 2023-03-17 14:07:54 UTC | 912 | IN | |
| 2023-03-17 14:07:54 UTC | 928 | IN | |
| 2023-03-17 14:07:54 UTC | 944 | IN | |
| 2023-03-17 14:07:54 UTC | 960 | IN | |
| 2023-03-17 14:07:54 UTC | 976 | IN | |
| 2023-03-17 14:07:54 UTC | 992 | IN | |
| 2023-03-17 14:07:54 UTC | 1008 | IN | |
| 2023-03-17 14:07:54 UTC | 1024 | IN | |
| 2023-03-17 14:07:54 UTC | 1040 | IN | |
| 2023-03-17 14:07:54 UTC | 1056 | IN | |
| 2023-03-17 14:07:54 UTC | 1072 | IN | |
| 2023-03-17 14:07:54 UTC | 1088 | IN | |
| 2023-03-17 14:07:54 UTC | 1104 | IN | |
| 2023-03-17 14:07:54 UTC | 1120 | IN | |
| 2023-03-17 14:07:54 UTC | 1136 | IN | |
| 2023-03-17 14:07:54 UTC | 1152 | IN | |
| 2023-03-17 14:07:54 UTC | 1168 | IN | |
| 2023-03-17 14:07:54 UTC | 1184 | IN | |
| 2023-03-17 14:07:54 UTC | 1200 | IN | |
| 2023-03-17 14:07:54 UTC | 1216 | IN | |
| 2023-03-17 14:07:54 UTC | 1232 | IN | |
| 2023-03-17 14:07:54 UTC | 1248 | IN | |
| 2023-03-17 14:07:54 UTC | 1264 | IN | |
| 2023-03-17 14:07:54 UTC | 1280 | IN | |
| 2023-03-17 14:07:54 UTC | 1296 | IN | |
| 2023-03-17 14:07:54 UTC | 1312 | IN | |
| 2023-03-17 14:07:54 UTC | 1328 | IN | |
| 2023-03-17 14:07:54 UTC | 1344 | IN | |
| 2023-03-17 14:07:54 UTC | 1360 | IN | |
| 2023-03-17 14:07:54 UTC | 1376 | IN | |
| 2023-03-17 14:07:54 UTC | 1392 | IN | |
| 2023-03-17 14:07:54 UTC | 1408 | IN | |
| 2023-03-17 14:07:54 UTC | 1424 | IN | |
| 2023-03-17 14:07:54 UTC | 1440 | IN | |
| 2023-03-17 14:07:54 UTC | 1456 | IN | |
| 2023-03-17 14:07:54 UTC | 1472 | IN | |
| 2023-03-17 14:07:55 UTC | 1488 | IN | |
| 2023-03-17 14:07:55 UTC | 1504 | IN | |
| 2023-03-17 14:07:55 UTC | 1520 | IN | |
| 2023-03-17 14:07:55 UTC | 1536 | IN | |
| 2023-03-17 14:07:55 UTC | 1552 | IN | |
| 2023-03-17 14:07:55 UTC | 1568 | IN | |
| 2023-03-17 14:07:55 UTC | 1584 | IN | |
| 2023-03-17 14:07:55 UTC | 1600 | IN | |
| 2023-03-17 14:07:55 UTC | 1616 | IN | |
| 2023-03-17 14:07:55 UTC | 1632 | IN | |
| 2023-03-17 14:07:55 UTC | 1648 | IN | |
| 2023-03-17 14:07:55 UTC | 1664 | IN | |
| 2023-03-17 14:07:55 UTC | 1680 | IN | |
| 2023-03-17 14:07:55 UTC | 1696 | IN | |
| 2023-03-17 14:07:55 UTC | 1712 | IN | |
| 2023-03-17 14:07:55 UTC | 1728 | IN | |
| 2023-03-17 14:07:55 UTC | 1744 | IN | |
| 2023-03-17 14:07:55 UTC | 1760 | IN | |
| 2023-03-17 14:07:55 UTC | 1776 | IN | |
| 2023-03-17 14:07:55 UTC | 1792 | IN | |
| 2023-03-17 14:07:55 UTC | 1808 | IN | |
| 2023-03-17 14:07:55 UTC | 1824 | IN | |
| 2023-03-17 14:07:55 UTC | 1840 | IN | |
| 2023-03-17 14:07:55 UTC | 1856 | IN | |
| 2023-03-17 14:07:55 UTC | 1872 | IN | |
| 2023-03-17 14:07:55 UTC | 1888 | IN | |
| 2023-03-17 14:07:55 UTC | 1904 | IN | |
| 2023-03-17 14:07:55 UTC | 1920 | IN | |
| 2023-03-17 14:07:55 UTC | 1936 | IN | |
| 2023-03-17 14:07:55 UTC | 1952 | IN | |
| 2023-03-17 14:07:55 UTC | 1968 | IN | |
| 2023-03-17 14:07:55 UTC | 1984 | IN | |
| 2023-03-17 14:07:55 UTC | 2000 | IN | |
| 2023-03-17 14:07:55 UTC | 2016 | IN | |
| 2023-03-17 14:07:55 UTC | 2032 | IN | |
| 2023-03-17 14:07:55 UTC | 2048 | IN | |
| 2023-03-17 14:07:55 UTC | 2064 | IN | |
| 2023-03-17 14:07:55 UTC | 2080 | IN | |
| 2023-03-17 14:07:55 UTC | 2096 | IN | |
| 2023-03-17 14:07:55 UTC | 2112 | IN | |
| 2023-03-17 14:07:55 UTC | 2128 | IN | |
| 2023-03-17 14:07:55 UTC | 2144 | IN | |
| 2023-03-17 14:07:55 UTC | 2160 | IN | |
| 2023-03-17 14:07:55 UTC | 2176 | IN | |
| 2023-03-17 14:07:55 UTC | 2192 | IN | |
| 2023-03-17 14:07:55 UTC | 2208 | IN | |
| 2023-03-17 14:07:55 UTC | 2224 | IN | |
| 2023-03-17 14:07:55 UTC | 2240 | IN | |
| 2023-03-17 14:07:55 UTC | 2256 | IN | |
| 2023-03-17 14:07:55 UTC | 2272 | IN | |
| 2023-03-17 14:07:55 UTC | 2288 | IN | |
| 2023-03-17 14:07:55 UTC | 2304 | IN | |
| 2023-03-17 14:07:55 UTC | 2320 | IN | |
| 2023-03-17 14:07:55 UTC | 2336 | IN | |
| 2023-03-17 14:07:55 UTC | 2352 | IN | |
| 2023-03-17 14:07:55 UTC | 2368 | IN | |
| 2023-03-17 14:07:55 UTC | 2384 | IN | |
| 2023-03-17 14:07:55 UTC | 2400 | IN | |
| 2023-03-17 14:07:55 UTC | 2416 | IN | |
| 2023-03-17 14:07:55 UTC | 2432 | IN | |
| 2023-03-17 14:07:55 UTC | 2448 | IN | |
| 2023-03-17 14:07:55 UTC | 2464 | IN | |
| 2023-03-17 14:07:55 UTC | 2480 | IN | |
| 2023-03-17 14:07:55 UTC | 2496 | IN | |
| 2023-03-17 14:07:55 UTC | 2512 | IN | |
| 2023-03-17 14:07:55 UTC | 2528 | IN | |
| 2023-03-17 14:07:55 UTC | 2544 | IN | |
| 2023-03-17 14:07:55 UTC | 2560 | IN | |
| 2023-03-17 14:07:55 UTC | 2576 | IN | |
| 2023-03-17 14:07:55 UTC | 2592 | IN | |
| 2023-03-17 14:07:55 UTC | 2608 | IN | |
| 2023-03-17 14:07:55 UTC | 2624 | IN | |
| 2023-03-17 14:07:55 UTC | 2640 | IN | |
| 2023-03-17 14:07:55 UTC | 2656 | IN | |
| 2023-03-17 14:07:55 UTC | 2672 | IN | |
| 2023-03-17 14:07:55 UTC | 2688 | IN | |
| 2023-03-17 14:07:55 UTC | 2704 | IN | |
| 2023-03-17 14:07:55 UTC | 2720 | IN | |
| 2023-03-17 14:07:55 UTC | 2736 | IN | |
| 2023-03-17 14:07:55 UTC | 2752 | IN | |
| 2023-03-17 14:07:55 UTC | 2768 | IN | |
| 2023-03-17 14:07:55 UTC | 2784 | IN | |
| 2023-03-17 14:07:55 UTC | 2800 | IN | |
| 2023-03-17 14:07:55 UTC | 2816 | IN | |
| 2023-03-17 14:07:55 UTC | 2832 | IN | |
| 2023-03-17 14:07:55 UTC | 2848 | IN | |
| 2023-03-17 14:07:55 UTC | 2864 | IN | |
| 2023-03-17 14:07:55 UTC | 2880 | IN | |
| 2023-03-17 14:07:55 UTC | 2896 | IN | |
| 2023-03-17 14:07:55 UTC | 2912 | IN | |
| 2023-03-17 14:07:55 UTC | 2928 | IN | |
| 2023-03-17 14:07:55 UTC | 2944 | IN | |
| 2023-03-17 14:07:55 UTC | 2960 | IN | |
| 2023-03-17 14:07:55 UTC | 2976 | IN | |
| 2023-03-17 14:07:55 UTC | 2992 | IN | |
| 2023-03-17 14:07:55 UTC | 3008 | IN | |
| 2023-03-17 14:07:55 UTC | 3024 | IN | |
| 2023-03-17 14:07:55 UTC | 3040 | IN | |
| 2023-03-17 14:07:55 UTC | 3056 | IN | |
| 2023-03-17 14:07:55 UTC | 3072 | IN | |
| 2023-03-17 14:07:55 UTC | 3088 | IN | |
| 2023-03-17 14:07:55 UTC | 3104 | IN | |
| 2023-03-17 14:07:55 UTC | 3120 | IN | |
| 2023-03-17 14:07:55 UTC | 3136 | IN | |
| 2023-03-17 14:07:55 UTC | 3152 | IN | |
| 2023-03-17 14:07:55 UTC | 3168 | IN | |
| 2023-03-17 14:07:55 UTC | 3184 | IN | |
| 2023-03-17 14:07:55 UTC | 3200 | IN | |
| 2023-03-17 14:07:55 UTC | 3216 | IN | |
| 2023-03-17 14:07:55 UTC | 3232 | IN | |
| 2023-03-17 14:07:55 UTC | 3248 | IN | |
| 2023-03-17 14:07:55 UTC | 3264 | IN | |
| 2023-03-17 14:07:55 UTC | 3280 | IN | |
| 2023-03-17 14:07:55 UTC | 3296 | IN | |
| 2023-03-17 14:07:55 UTC | 3312 | IN | |
| 2023-03-17 14:07:55 UTC | 3328 | IN | |
| 2023-03-17 14:07:55 UTC | 3344 | IN | |
| 2023-03-17 14:07:55 UTC | 3360 | IN | |
| 2023-03-17 14:07:55 UTC | 3376 | IN | |
| 2023-03-17 14:07:55 UTC | 3392 | IN | |
| 2023-03-17 14:07:55 UTC | 3408 | IN | |
| 2023-03-17 14:07:55 UTC | 3424 | IN | |
| 2023-03-17 14:07:55 UTC | 3440 | IN | |
| 2023-03-17 14:07:55 UTC | 3456 | IN | |
| 2023-03-17 14:07:55 UTC | 3472 | IN | |
| 2023-03-17 14:07:55 UTC | 3488 | IN | |
| 2023-03-17 14:07:55 UTC | 3504 | IN | |
| 2023-03-17 14:07:55 UTC | 3520 | IN | |
| 2023-03-17 14:07:55 UTC | 3536 | IN | |
| 2023-03-17 14:07:55 UTC | 3552 | IN | |
| 2023-03-17 14:07:55 UTC | 3568 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 15:07:37 |
| Start date: | 17/03/2023 |
| Path: | C:\Users\user\Desktop\file.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 2806272 bytes |
| MD5 hash: | 50B28C8B39D65E49BE2873EF4FAE4955 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Yara matches: |
|
| Reputation: | low |
| Target ID: | 1 |
| Start time: | 15:07:45 |
| Start date: | 17/03/2023 |
| Path: | C:\Windows\SysWOW64\rundll32.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xe0000 |
| File size: | 61952 bytes |
| MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Yara matches: |
|
| Reputation: | high |
| Target ID: | 11 |
| Start time: | 15:08:20 |
| Start date: | 17/03/2023 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff749b50000 |
| File size: | 69632 bytes |
| MD5 hash: | 73C519F050C20580F8A62C849D49215A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Reputation: | high |
Execution Graph
| Execution Coverage: | 1.5% |
| Dynamic/Decrypted Code Coverage: | 91.7% |
| Signature Coverage: | 21% |
| Total number of Nodes: | 205 |
| Total number of Limit Nodes: | 15 |
Graph
Function 000002633C9038A0 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 149registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00650244 Relevance: 3.1, APIs: 2, Instructions: 84libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0065014E Relevance: 1.5, APIs: 1, Instructions: 33COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00650072 Relevance: 1.3, APIs: 1, Instructions: 91memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 16% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 43% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 68% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| C-Code - Quality: 53% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000002633C8FC1D0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 59libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 15% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 50% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 91% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000002633C903650 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 138stringlibraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| C-Code - Quality: 55% |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000002633C8FE430 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| C-Code - Quality: 58% |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |