Edit tour
Windows
Analysis Report
OgcktrbHkI.exe
Overview
General Information
Sample name: | OgcktrbHkI.exerenamed because original name is a hash value |
Original sample name: | 35f519000ad078d242c0bce097c59b31.exe |
Analysis ID: | 1436353 |
MD5: | 35f519000ad078d242c0bce097c59b31 |
SHA1: | 41a3c859c36a4240a51e6ce17ab269e8d2728eb0 |
SHA256: | 1dc79692db8709e88fee042c5555f8432dc4638442887d8150b8b7c67f5f3eb2 |
Tags: | 32exetrojan |
Infos: | |
Detection
Tofsee
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected Tofsee
Adds extensions / path to Windows Defender exclusion list (Registry)
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Deletes itself after installation
Drops executables to the windows directory (C:\Windows) and starts them
Found API chain indicative of debugger detection
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Sigma detected: Suspect Svchost Activity
Sigma detected: Suspicious New Service Creation
Uses netsh to modify the Windows network and firewall settings
Writes to foreign memory regions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Extensive use of GetProcAddress (often used to hide API calls)
Found decision node followed by non-executed suspicious APIs
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
One or more processes crash
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Windows Defender Exclusions Added - Registry
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
- System is w10x64
- OgcktrbHkI.exe (PID: 6672 cmdline:
"C:\Users\ user\Deskt op\Ogcktrb HkI.exe" MD5: 35F519000AD078D242C0BCE097C59B31) - cmd.exe (PID: 6796 cmdline:
"C:\Window s\System32 \cmd.exe" /C mkdir C :\Windows\ SysWOW64\k ofydeki\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 6820 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 6964 cmdline:
"C:\Window s\System32 \cmd.exe" /C move /Y "C:\Users \user\AppD ata\Local\ Temp\pspiz bvl.exe" C :\Windows\ SysWOW64\k ofydeki\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 7024 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - sc.exe (PID: 7148 cmdline:
"C:\Window s\System32 \sc.exe" c reate kofy deki binPa th= "C:\Wi ndows\SysW OW64\kofyd eki\pspizb vl.exe /d\ "C:\Users\ user\Deskt op\Ogcktrb HkI.exe\"" type= own start= au to Display Name= "wif i support" MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8) - conhost.exe (PID: 4428 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - sc.exe (PID: 3940 cmdline:
"C:\Window s\System32 \sc.exe" d escription kofydeki "wifi inte rnet conec tion" MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8) - conhost.exe (PID: 1436 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - sc.exe (PID: 2316 cmdline:
"C:\Window s\System32 \sc.exe" s tart kofyd eki MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8) - conhost.exe (PID: 1856 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - netsh.exe (PID: 6820 cmdline:
"C:\Window s\System32 \netsh.exe " advfirew all firewa ll add rul e name="Ho st-process for servi ces of Win dows" dir= in action= allow prog ram="C:\Wi ndows\SysW OW64\svcho st.exe" en able=yes>n ul MD5: 4E89A1A088BE715D6C946E55AB07C7DF) - conhost.exe (PID: 5440 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - WerFault.exe (PID: 7464 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 6 672 -s 648 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- pspizbvl.exe (PID: 3156 cmdline:
C:\Windows \SysWOW64\ kofydeki\p spizbvl.ex e /d"C:\Us ers\user\D esktop\Ogc ktrbHkI.ex e" MD5: B50406135DB8929E333AE2BDD1EE42FF) - svchost.exe (PID: 6912 cmdline:
svchost.ex e MD5: 1ED18311E3DA35942DB37D15FA40CC5B) - WerFault.exe (PID: 7276 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 3 156 -s 544 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- chrome.exe (PID: 6344 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 7208 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2132 --fi eld-trial- handle=197 6,i,151189 4436022075 1254,15040 5546668229 5701,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- svchost.exe (PID: 7032 cmdline:
C:\Windows \System32\ svchost.ex e -k WerSv cGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A) - WerFault.exe (PID: 3940 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -pss -s 480 -p 31 56 -ip 315 6 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 7112 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -pss -s 456 -p 66 72 -ip 667 2 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- svchost.exe (PID: 6996 cmdline:
C:\Windows \System32\ svchost.ex e -k netsv cs -p -s B ITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- svchost.exe (PID: 7992 cmdline:
C:\Windows \System32\ svchost.ex e -k Local Service -p -s Licens eManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Tofsee | According to PCrisk, Tofsee (also known as Gheg) is a malicious Trojan-type program that is capable of performing DDoS attacks, mining cryptocurrency, sending emails, stealing various account credentials, updating itself, and more.Cyber criminals mainly use this program as an email-oriented tool (they target users' email accounts), however, having Tofsee installed can also lead to many other problems. | No Attribution |
{"C2 list": ["vanaheim.cn:443", "jotunheim.name:443"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security | ||
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
| |
MALWARE_Win_Tofsee | Detects Tofsee | ditekSHen |
| |
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security | ||
Click to see the 24 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
| |
MALWARE_Win_Tofsee | Detects Tofsee | ditekSHen |
| |
Windows_Trojan_Tofsee_26124fe4 | unknown | unknown |
| |
MALWARE_Win_Tofsee | Detects Tofsee | ditekSHen |
| |
JoeSecurity_Tofsee | Yara detected Tofsee | Joe Security | ||
Click to see the 39 entries |
System Summary |
---|
Source: | Author: David Burkett, @signalblur: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Christian Burkard (Nextron Systems): |
Source: | Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: |
Source: | Author: vburov: |
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Avira: |
Source: | URL Reputation: | ||
Source: | URL Reputation: |
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | HTTP Parser: | ||
Source: | HTTP Parser: | ||
Source: | HTTP Parser: |
Compliance |
---|
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Change of critical system settings |
---|
Source: | Registry key created or modified: | Jump to behavior |
Networking |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | URLs: | ||
Source: | URLs: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_00402A62 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_00408E26 |
Source: | Code function: | 0_2_00401280 |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_0040C913 | |
Source: | Code function: | 11_2_0040C913 | |
Source: | Code function: | 13_2_00CDC913 |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_00406A60 |
Source: | Code function: | 0_2_01C2046B |
Source: | Code function: | 0_2_00409A6B |
Source: | Code function: | 0_2_00409A6B | |
Source: | Code function: | 11_2_00409A6B | |
Source: | Code function: | 13_2_00CD9A6B |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Evasive API call chain: | graph_11-14996 |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Unpacked PE file: | ||
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00406069 |
Source: | Code function: | 0_2_01C23759 | |
Source: | Code function: | 0_2_01C1B1FA | |
Source: | Code function: | 0_2_01C1B4BA | |
Source: | Code function: | 11_2_01B4CDC1 |
Persistence and Installation Behavior |
---|
Source: | Executable created and started: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | File created: | Jump to dropped file |
Source: | Registry key value modified: | Jump to behavior |
Source: | Code function: | 0_2_00409A6B |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File deleted: | Jump to behavior |
Source: | Code function: | 0_2_00401000 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 13_2_00CD199C |
Source: | Decision node followed by non-executed suspicious API: | graph_0-15328 | ||
Source: | Decision node followed by non-executed suspicious API: | graph_11-16310 | ||
Source: | Decision node followed by non-executed suspicious API: | graph_13-6419 |
Source: | Evaded block: | graph_13-6144 |
Source: | Evasive API call chain: | graph_13-6711 | ||
Source: | Evasive API call chain: | graph_11-15616 | ||
Source: | Evasive API call chain: | graph_0-15286 |
Source: | Evasive API call chain: | graph_13-7423 |
Source: | Evasive API call chain: | graph_13-6174 | ||
Source: | Evasive API call chain: | graph_11-15011 | ||
Source: | Evasive API call chain: | graph_0-14859 |
Source: | API coverage: | ||
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 0_2_00401D96 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-15288 | ||
Source: | API call chain: | graph_13-6178 | ||
Source: | API call chain: | graph_13-6437 |
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_11-16371 |
Source: | Code function: | 0_2_00406069 |
Source: | Code function: | 0_2_01BA0D90 | |
Source: | Code function: | 0_2_01BA092B | |
Source: | Code function: | 0_2_01C1FD48 | |
Source: | Code function: | 11_2_01B493B0 | |
Source: | Code function: | 11_2_0231092B | |
Source: | Code function: | 11_2_02310D90 |
Source: | Code function: | 0_2_0040EBCC |
Source: | Code function: | 0_2_00409A6B | |
Source: | Code function: | 11_2_00409A6B | |
Source: | Code function: | 13_2_00CD9A6B |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00407809 |
Source: | Code function: | 0_2_00406EDD |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_0040405E |
Source: | Code function: | 0_2_0040EC54 |
Source: | Code function: | 0_2_00407809 |
Source: | Code function: | 0_2_0040B211 |
Source: | Code function: | 0_2_00409326 |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | Process created: |
Source: | Process created: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_004088B0 | |
Source: | Code function: | 11_2_004088B0 | |
Source: | Code function: | 13_2_00CD88B0 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 41 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 3 Disable or Modify Tools | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 3 Service Execution | 14 Windows Service | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 14 Windows Service | 2 Software Packing | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 412 Process Injection | 1 DLL Side-Loading | LSA Secrets | 221 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 12 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Masquerading | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Valid Accounts | Proc Filesystem | 1 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Access Token Manipulation | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 412 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
44% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1311176 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Crypt.EPACK.Gen2 | ||
100% | Joe Sandbox ML | |||
45% | Virustotal | Browse | ||
45% | Virustotal | Browse |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
15% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
100% | URL Reputation | malware | ||
100% | URL Reputation | malware | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mta6.am0.yahoodns.net | 67.195.228.110 | true | true |
| unknown |
mxs.mail.ru | 217.69.139.150 | true | false | high | |
plus.l.google.com | 142.250.176.14 | true | false | high | |
www3.l.google.com | 142.250.72.174 | true | false | high | |
play.google.com | 142.250.189.14 | true | false | high | |
www.google.com | 142.250.217.132 | true | false | high | |
microsoft-com.mail.protection.outlook.com | 104.47.53.36 | true | false | high | |
vanaheim.cn | 109.107.161.150 | true | true |
| unknown |
smtp.google.com | 74.125.137.26 | true | false | high | |
google.com | unknown | unknown | false | high | |
ogs.google.com | unknown | unknown | false | high | |
yahoo.com | unknown | unknown | false | high | |
mail.ru | unknown | unknown | false | high | |
apis.google.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
true |
| unknown | |
false | high | ||
false | high | ||
true |
| unknown | |
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| low | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
109.107.161.150 | vanaheim.cn | Russian Federation | 49973 | TELEPORT-TV-ASRU | true | |
217.69.139.150 | mxs.mail.ru | Russian Federation | 47764 | MAILRU-ASMailRuRU | false | |
74.125.137.26 | smtp.google.com | United States | 15169 | GOOGLEUS | false | |
104.47.53.36 | microsoft-com.mail.protection.outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
142.250.217.132 | www.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.176.14 | plus.l.google.com | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
67.195.228.110 | mta6.am0.yahoodns.net | United States | 36647 | YAHOO-GQ1US | true | |
142.250.72.174 | www3.l.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.189.14 | play.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
127.0.0.1 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436353 |
Start date and time: | 2024-05-04 15:20:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 28 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | OgcktrbHkI.exerenamed because original name is a hash value |
Original Sample Name: | 35f519000ad078d242c0bce097c59b31.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@51/39@20/12 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 142.250.72.131, 142.250.188.238, 74.125.137.84, 34.104.35.123, 172.217.14.67, 20.231.239.246, 20.112.250.133, 20.236.44.162, 20.76.201.171, 20.70.246.20, 23.3.84.131, 199.232.210.172, 192.229.211.108, 172.217.12.131, 142.250.176.3, 142.250.72.163, 142.250.189.3, 142.251.40.46
- Excluded domains from analysis (whitelisted): clients1.google.com, ssl.gstatic.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, microsoft.com, prod.fs.microsoft.com.akadns.net
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
15:20:59 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | LockBit ransomware, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | XWorm | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
217.69.139.150 | Get hash | malicious | Pushdo | Browse | ||
Get hash | malicious | Pushdo | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Pushdo | Browse | |||
Get hash | malicious | Pushdo | Browse | |||
Get hash | malicious | Pushdo | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Pushdo | Browse | |||
Get hash | malicious | Pushdo | Browse | |||
Get hash | malicious | Pushdo | Browse | |||
67.195.228.110 | Get hash | malicious | Phorpiex | Browse | ||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Phorpiex | Browse | |||
Get hash | malicious | Phorpiex, Xmrig | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Tofsee Xmrig | Browse | |||
Get hash | malicious | Raccoon RedLine SmokeLoader Tofsee Vidar Xmrig | Browse | |||
104.47.53.36 | Get hash | malicious | Tofsee | Browse | ||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse | |||
Get hash | malicious | Tofsee | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
mta6.am0.yahoodns.net | Get hash | malicious | Phorpiex | Browse |
| |
Get hash | malicious | Phorpiex | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
microsoft-com.mail.protection.outlook.com | Get hash | malicious | Tofsee | Browse |
| |
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
vanaheim.cn | Get hash | malicious | Tofsee | Browse |
| |
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
Get hash | malicious | Tofsee | Browse |
| ||
mxs.mail.ru | Get hash | malicious | Pushdo | Browse |
| |
Get hash | malicious | Pushdo | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Phorpiex | Browse |
| ||
Get hash | malicious | Pushdo | Browse |
| ||
Get hash | malicious | Phorpiex, Xmrig | Browse |
| ||
Get hash | malicious | Pushdo, DanaBot, RedLine, SmokeLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Pushdo, DanaBot, SmokeLoader | Browse |
| ||
Get hash | malicious | Pushdo | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEPORT-TV-ASRU | Get hash | malicious | CredGrabber, PureLog Stealer | Browse |
| |
Get hash | malicious | CredGrabber, PureLog Stealer | Browse |
| ||
Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
Get hash | malicious | DCRat | Browse |
| ||
Get hash | malicious | CredGrabber, Meduza Stealer, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | CredGrabber, Meduza Stealer, PureLog Stealer | Browse |
| ||
Get hash | malicious | CredGrabber, PureLog Stealer | Browse |
| ||
Get hash | malicious | CredGrabber, PureLog Stealer, zgRAT | Browse |
| ||
MAILRU-ASMailRuRU | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Anubis BankBot | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
YAHOO-GQ1US | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai, Okiru | Browse |
| ||
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | Moobot | Browse |
| ||
Get hash | malicious | Mirai, Moobot | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Mars Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | LockBit ransomware, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | XWorm | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
⊘No context
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310720 |
Entropy (8bit): | 1.3277036929714994 |
Encrypted: | false |
SSDEEP: | 3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrM:KooCEYhgYEL0In |
MD5: | EE3F3F77F324488AA4568A17CD2EF7F6 |
SHA1: | 27811C94101482C3F7D9BB111447E85C550E1EA1 |
SHA-256: | 416BE34422EB8D668E6D3D9B8B8E64510442623E55085E95C40A9DD9568A8C0E |
SHA-512: | 9378B5060A8EFDA0763A14322108F1915295C2F8EB11270BE58E120C2A9C681D9C1B95D62354A1839BC882F604B682FE70323DBE944C80A7BE8D16B4A81767EA |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310720 |
Entropy (8bit): | 0.42210152543902413 |
Encrypted: | false |
SSDEEP: | 1536:xSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:xaza/vMUM2Uvz7DO |
MD5: | 1B2EE00520C8EF37E25C211C701EB1B0 |
SHA1: | AB4ADB81F23066A94A91FC5C3F7CFFC7FF959BCA |
SHA-256: | 7EB2EB0FC940B53DE1253F83AAE2B69AFEABF45AA3DD21D4BB3B1D5E5049453B |
SHA-512: | 40CA2A17A10E526F2C0EC64B1D2ED7E4E0196FA85844219721DD43F36236B39D97223D90F8A89D4DB233B259DD270886219DF2D873A0C8D3AB2C267625D14D19 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.07522799253122159 |
Encrypted: | false |
SSDEEP: | 3:uggXKYeSdhlAjjn13a/S8ThtillcVO/lnlZMxZNQl:uggXKz0bAj53qS8TaOewk |
MD5: | 8D31AA9093F9436BB3E44D7372299AD9 |
SHA1: | C31C13DA442566DF5B56A841940749736F958F99 |
SHA-256: | 6003469EA60D53A6038AF4B9F847B9999C7762E20EDA0AE9D28C57DA15333851 |
SHA-512: | CB44F125874B6FA3A52D07C983104B8229DDF8ADFA93B03B91A975832E24278EE72D730AEA0227408837363FD5062DFD2643E1A6D2B7F94CCB7AAF3087C1F64E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\OgcktrbHkI.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14476288 |
Entropy (8bit): | 5.31278696874138 |
Encrypted: | false |
SSDEEP: | 24576:Jc4Rz2LgMvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv:zRz2c |
MD5: | B50406135DB8929E333AE2BDD1EE42FF |
SHA1: | 16305C9EC4589A84EC96FEC9CC7EAF05D99A79CF |
SHA-256: | CD7849F93D395A35D766C01B9D1077B5026D33B030CC8EB3CC2FF389B8431C87 |
SHA-512: | 63D679AA3D40ED6575FEDD6A244FA09B0B3DA98F380BF99F5C8E6A0C1520CDD299711311ADBB24B4FA2703320A95AEFED8B9EB26D3525032DE6343167C1CC5E1 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55 |
Entropy (8bit): | 4.306461250274409 |
Encrypted: | false |
SSDEEP: | 3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y |
MD5: | DCA83F08D448911A14C22EBCACC5AD57 |
SHA1: | 91270525521B7FE0D986DB19747F47D34B6318AD |
SHA-256: | 2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9 |
SHA-512: | 96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14476288 |
Entropy (8bit): | 5.31278696874138 |
Encrypted: | false |
SSDEEP: | 24576:Jc4Rz2LgMvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv:zRz2c |
MD5: | B50406135DB8929E333AE2BDD1EE42FF |
SHA1: | 16305C9EC4589A84EC96FEC9CC7EAF05D99A79CF |
SHA-256: | CD7849F93D395A35D766C01B9D1077B5026D33B030CC8EB3CC2FF389B8431C87 |
SHA-512: | 63D679AA3D40ED6575FEDD6A244FA09B0B3DA98F380BF99F5C8E6A0C1520CDD299711311ADBB24B4FA2703320A95AEFED8B9EB26D3525032DE6343167C1CC5E1 |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 184072 |
Entropy (8bit): | 5.457813410298979 |
Encrypted: | false |
SSDEEP: | 3072:LaXH2HHSBV2qoSKRd8mQ3jfA8j3yViKE5rmVqpzE:NHgxohRdUfFyQKEnpzE |
MD5: | E5FCBC4D28FD8054A03E23C62057111F |
SHA1: | A25AB167CC29D60286E7E3EEAEA77DEC677190C4 |
SHA-256: | 52094E235144F4EFBB9873F05AC25F1E9ADF0F5BD513B6FC4D9E0499331B3486 |
SHA-512: | 7AEEC24270661E4658CB9DC19C075B71E5EDDC22859B1269529EFC0F159F165BE680D2D864BDF4D41B937556D72ED5B4F65011205D80D55EBFED05155753CA1E |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/am=EGDQuQMg/d=1/excm=_b,_tp,appwidgetnoauthview/ed=1/dg=0/wt=2/ujg=1/rs=AM-SdHvRM4rmzL0TklJKtWu6JILwVFGwEg/m=_b,_tp" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 163286 |
Entropy (8bit): | 5.544045381504343 |
Encrypted: | false |
SSDEEP: | 3072:CMiFOP4roKgkk/EFZMQbxjZW1BKo6JMI6l0nt8Uv1ziwtXOmDsY+WwYLF/HrY7+A:CMiroKfbMQbxjZW1BKo6JMI6l0nt8Uvq |
MD5: | 9D9987F6E83F101A097A0BD64A14C71B |
SHA1: | E71E10897E0E874DE4D12125D5DF2F7FCE08F585 |
SHA-256: | D0975FC00A61201A54714BE8DF5E50F02B277E133BA08ABD9DEEA33934FA28A9 |
SHA-512: | 5AE557145F0E0FF3E768AFC63B3E4855F53DCA49D46A22ACB169CC6DC58FF2B11C776B419141EB12C8B0CF7BBD16E928F9EE5AF5014DD976130B00A1995B325E |
Malicious: | false |
URL: | "https://www.gstatic.com/og/_/js/k=og.qtm.en_US.Ics7SFQVxbg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTtpRznzVJk75Y4TcT-zpGGUjebtAg" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3188 |
Entropy (8bit): | 5.8365715329833385 |
Encrypted: | false |
SSDEEP: | 96:9KUelimIN6666VD11q5h/5w0jbP5He2FXvF79XffffQo:9KBsN6666VDe5h/5PhHe2ZJ9b |
MD5: | 5AEAB4B89584FAF631800183D6BD349D |
SHA1: | 6B6F87DC2B2ADBD3FA93D46D7CCD42396CA577AA |
SHA-256: | D88F87E24EC47E377469C0DB0984C81FB5ADDF653F90A641E13CF24770BCE361 |
SHA-512: | 99CC85A03E23D77B72F9F70CBE37C49A55FB6BD253A6ABFB84B7ABEB6AB7D06ABF7DBE41820265B05E1F2C8A13CB4B815A71C1A73BB2AE485BC2735BDC9A5C81 |
Malicious: | false |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 137432 |
Entropy (8bit): | 7.981759932974614 |
Encrypted: | false |
SSDEEP: | 3072:SWkkEsWBwvkw/2i4fhpATVmE6383x4L6EWL3UQ7lE7sPE:SVAwwswerUv3S4nhdPE |
MD5: | 387ED93F42803B1EC6697E3B57FBCEF0 |
SHA1: | 2EA8A5BFBF99144BD0EBAEBE60AC35406A8B613E |
SHA-256: | 982AAC952E2C938BD55550D0409ECE5F4430D38F370161D8318678FA25316587 |
SHA-512: | 7C90F69A53E49BAD03C4CEFD9868B4C4BA145E5738218E8C445FF6AE5347153E3A2F2B918CBE184B0366AFD53B984634D2894FEA6F31A4603E58CCB6BFA5C625 |
Malicious: | false |
URL: | https://ssl.gstatic.com/gb/images/sprites/p_2x_387ed93f4280.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 29 |
Entropy (8bit): | 3.9353986674667634 |
Encrypted: | false |
SSDEEP: | 3:VQAOx/1n:VQAOd1n |
MD5: | 6FED308183D5DFC421602548615204AF |
SHA1: | 0A3F484AAA41A60970BA92A9AC13523A1D79B4D5 |
SHA-256: | 4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D |
SHA-512: | A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5 |
Malicious: | false |
URL: | https://www.google.com/async/newtab_promos |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3572 |
Entropy (8bit): | 5.140651484312947 |
Encrypted: | false |
SSDEEP: | 48:vZUJVKLICJEconBdpZUvGCUvGULHg7OTehn5hsbrc7g8IO8u0Y8D2n:yJYI/coXqCg7OSfg8IO8uB8D2n |
MD5: | 122C0858F7D38991F14E5ADC6BDB3C3B |
SHA1: | FFC64755EB42990A73C4878426A641CFB94B57EE |
SHA-256: | 06D1296A6F6611AC795B27882FE88823EE857D0F49F7018CF00C6A199976DC0D |
SHA-512: | 149A1FB533C8C7D5EA363B80982DC1EC4C39E5EF9BB37E45BC80E105B18C3FA4DC610449BBD70DE9B9AC7339FEBBBD4FF76C2A9D1FD104D1943A386539AC4D44 |
Malicious: | false |
URL: | "https://www.gstatic.com/og/_/ss/k=og.qtm.RS0dNtaZmo0.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuhe2hCYlalU7rKCW-qT_-zMhVRaw" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 137077 |
Entropy (8bit): | 5.441424088159115 |
Encrypted: | false |
SSDEEP: | 1536:jdGuEyNn2zuFRDP6nWysx3DMqPKnrzNSpGiV1p+RHPGb4guje18jZRLM9rZxMkPr:DLnoap3DTKnrQpG4nQUduZ6ZxMkmwXd |
MD5: | 4B78E2A0E5BAF050D8EDF97BE9CEE75F |
SHA1: | 8C4C54AF17247898E9FA012589CA516EFCB27C05 |
SHA-256: | A1CDA0D03D19A9C08E2C4328B2DB277169173BA25F23A8F913609AD4235AC145 |
SHA-512: | DBDF355688AEB57D29557A6D9B74A574F7B5C2C30F55B998F196790C7C960A7A9908E36416C8DF8839AFC99D418FBB0563D6DB6107AD81AB42FAE69D7D310D64 |
Malicious: | false |
URL: | https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1424 |
Entropy (8bit): | 5.31660097498527 |
Encrypted: | false |
SSDEEP: | 24:kWfS+Xg1QmYTY29/RbFTVebYaThG8VgI4+O6tp41SZGbwfKGbeZPx/sMGOwsNEZ9:ZfS+wmmc/bFpw/A8R3fpWgGb+KGbipsZ |
MD5: | 13D1BE6BC9AA2CA332D553D2D4491DE1 |
SHA1: | F7E7A540E69006ED7470EB2AED4EF19BE4A1AF0C |
SHA-256: | 4C205DD66FDACFF32EB2B63273FB74DB1E29DBD5C9B97F0F6641378174257F39 |
SHA-512: | A1DD99D4ED179D4FA138A7C500589896F3A5DA06758ED72F67D05243519FB5EADF2184D9B67F0F9337FF55B5F5982D93245A8FF41E6F8F1D619CAC8D47C9FF4A |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQMg/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aDfbSd,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHuoOol6PGq-lFlTYeoE9lb9o902mQ/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=bm51tf" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 137432 |
Entropy (8bit): | 7.981759932974614 |
Encrypted: | false |
SSDEEP: | 3072:SWkkEsWBwvkw/2i4fhpATVmE6383x4L6EWL3UQ7lE7sPE:SVAwwswerUv3S4nhdPE |
MD5: | 387ED93F42803B1EC6697E3B57FBCEF0 |
SHA1: | 2EA8A5BFBF99144BD0EBAEBE60AC35406A8B613E |
SHA-256: | 982AAC952E2C938BD55550D0409ECE5F4430D38F370161D8318678FA25316587 |
SHA-512: | 7C90F69A53E49BAD03C4CEFD9868B4C4BA145E5738218E8C445FF6AE5347153E3A2F2B918CBE184B0366AFD53B984634D2894FEA6F31A4603E58CCB6BFA5C625 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3506 |
Entropy (8bit): | 5.552607887805469 |
Encrypted: | false |
SSDEEP: | 96:86yHtxMPvVSbAtxNYiSJ6vq67scSlIcBfGx:FwIOT6LsHIIc |
MD5: | 593442F87585F1132C36467C73BFE543 |
SHA1: | BA98753092124B479848B1E1F21E6061AA2AF023 |
SHA-256: | AC97464705BCFF9AF73D579E851C12940AAF8C11B31B6306B1C1163CEE904CCA |
SHA-512: | 0552B2EC488E8C5BC03EE6A5A861D202980309E6C99B35891EEAD33319054BB91CA439ECF8C5E1402EC51AB30399F5265BB63838A5249A3487EDBA30F2807417 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQMg/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aDfbSd,aW3pY,aurFic,bm51tf,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHuoOol6PGq-lFlTYeoE9lb9o902mQ/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 15344 |
Entropy (8bit): | 7.984625225844861 |
Encrypted: | false |
SSDEEP: | 384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw |
MD5: | 5D4AEB4E5F5EF754E307D7FFAEF688BD |
SHA1: | 06DB651CDF354C64A7383EA9C77024EF4FB4CEF8 |
SHA-256: | 3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC |
SHA-512: | 7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48 |
Malicious: | false |
URL: | https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 264743 |
Entropy (8bit): | 5.479126042995795 |
Encrypted: | false |
SSDEEP: | 3072:XdPMHc2NQzfk5eINolYDt6QYGfOvNoK42TCboc:yNQz4NolQwQz2lVZmboc |
MD5: | 951F5CB1728D3C62E6006801A61D2BE3 |
SHA1: | 3B9B0CD9203226263F8E32B336ADC5532E54A308 |
SHA-256: | A50889187D77C8E3E0439A0D5C155159EAA7A3DBEC35111D7131EC88C0A228F7 |
SHA-512: | E030EBF4A1683F176C1873DAD0B717D307253CC0EA1D40BF39F22E3B95C71FCD58907A6B1DFE9F9740FBE1303C59DF1FE70E4B102BFA86269EC49AAA29664FB8 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQMg/d=1/exm=_b,_tp/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHuoOol6PGq-lFlTYeoE9lb9o902mQ/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,mI3LFb,aDfbSd,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,wmnU7d,xQtZb,JNoxi,kWgXee,MI6k7c,kjKdXe,BVgquf,QIhFr,ovKuLd,hKSk3e,yDVVkb,hc6Ubd,SpsfSb,KG2eXe,Z5uLle,MdUzUe,VwDzFe,zbML3c,A7fCU,zr1jrb,Uas9Hd,pjICDe" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1660 |
Entropy (8bit): | 4.301517070642596 |
Encrypted: | false |
SSDEEP: | 48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD |
MD5: | 554640F465EB3ED903B543DAE0A1BCAC |
SHA1: | E0E6E2C8939008217EB76A3B3282CA75F3DC401A |
SHA-256: | 99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52 |
SHA-512: | 462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0 |
Malicious: | false |
URL: | https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 121628 |
Entropy (8bit): | 5.506662476672723 |
Encrypted: | false |
SSDEEP: | 3072:QI9yvwslCsrCF9f/U2Dj3Fkk7rEehA5L1kx:l9ygsrieDkVaL1kx |
MD5: | F46ACD807A10216E6EEE8EA51E0F14D6 |
SHA1: | 4702F47070F7046689432DCF605F11364BC0FBED |
SHA-256: | D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086 |
SHA-512: | 811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028 |
Malicious: | false |
URL: | "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1555 |
Entropy (8bit): | 5.249530958699059 |
Encrypted: | false |
SSDEEP: | 24:hY6svN/6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z1sW:3qN/2+pUAew85zf |
MD5: | FBE36EB2EECF1B90451A3A72701E49D2 |
SHA1: | AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D |
SHA-256: | E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63 |
SHA-512: | 7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18834 |
Entropy (8bit): | 5.407489764960331 |
Encrypted: | false |
SSDEEP: | 384:aRFPTuu4q5oOTm1j8B0K5WXv/8bU2wnO/mgzI4QSIZ0n9vDBTTY0TXCnh/9Clf9c:a/Tuu4q5oOTLB0K5WXv/8bU2wnO/mgze |
MD5: | 676CD2F5702D832A1E3E2F08257FEB37 |
SHA1: | 1019B84107A8F84A77A651BDCBE0A7F425DE3661 |
SHA-256: | F58B6E0D4393A8BB15423EC49867875FB38EB820E0A7D13A7E80F4DCE7EB342E |
SHA-512: | FF43FA6A37CE55F660052AE71F9301064638BC6D14F0DE8161E3E4E9C66D7CC5BE72D752540031BFF801228F905DDBA515DFAE15DFC6AAAC0654691C2A0AE365 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQMg/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aDfbSd,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHuoOol6PGq-lFlTYeoE9lb9o902mQ/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 53487 |
Entropy (8bit): | 5.7389274800710295 |
Encrypted: | false |
SSDEEP: | 768:+ImEghhvpu75y1C6kb02aFe04FV6HbWb1wYpIZQzFJ/N4SxkAyvA:RA1CwbW+mI019xovA |
MD5: | 6CD454A7EC68230B6D021CA33F5D1C9D |
SHA1: | DE2D3D027A71FEC4FC9E1E8598D8511526D7BAA0 |
SHA-256: | AA5809F08CA7433146FC57994CF863787C8E5FBF86C34DC7267E26E010FBDD9F |
SHA-512: | 0D46D5C49037D0C8DB4069D18F5CCB54E8AFFC9CC7406EB1C60BDF3FBE7647C0A98C0AF7C528675F80871BA0D4ABC88B3DCB4AB3D269ADEE5AEB4337F13BA044 |
Malicious: | false |
URL: | https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en |
Preview: |
Process: | C:\Windows\SysWOW64\netsh.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3773 |
Entropy (8bit): | 4.7109073551842435 |
Encrypted: | false |
SSDEEP: | 48:VHILZNfrI7WFY32iIiNOmV/HToZV9It199hiALlIg39bWA1RvTBi/g2eB:VoLr0y9iIiNOoHTou7bhBlIydWALLt2w |
MD5: | DA3247A302D70819F10BCEEBAF400503 |
SHA1: | 2857AA198EE76C86FC929CC3388A56D5FD051844 |
SHA-256: | 5262E1EE394F329CD1F87EA31BA4A396C4A76EDC3A87612A179F81F21606ABC8 |
SHA-512: | 48FFEC059B4E88F21C2AA4049B7D9E303C0C93D1AD771E405827149EDDF986A72EF49C0F6D8B70F5839DCDBD6B1EA8125C8B300134B7F71C47702B577AD090F8 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.644490421223367 |
TrID: |
|
File name: | OgcktrbHkI.exe |
File size: | 334'336 bytes |
MD5: | 35f519000ad078d242c0bce097c59b31 |
SHA1: | 41a3c859c36a4240a51e6ce17ab269e8d2728eb0 |
SHA256: | 1dc79692db8709e88fee042c5555f8432dc4638442887d8150b8b7c67f5f3eb2 |
SHA512: | 260f2efe4757c518f96269ba3a3fd5b5c603fa6a52d9c0d976222158609911004ce48df4e75298c11de67ea29d91969f217986e4c0f1b83bb2f5d2a43a772997 |
SSDEEP: | 3072:KLTZ5XJKQsp6NU4tqwCyc40r+oeHpmCR54kDSWegJSVE+Er20L4fdoiKuIov5QId:KbCt44p40rqHPbDb86r2LiNovrb/a |
TLSH: | 53645A83E3D17D51E5268B32AE1F86E4366DF9618E1D7B2F722CAA1F14700B1C263B51 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........r.....................................................?g..............?g......Rich....................PE..L...r..d........... |
Icon Hash: | 53256551494d710d |
Entrypoint: | 0x4040e2 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6482FD72 [Fri Jun 9 10:22:42 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 8c46e70ae529243985f9b527b4223811 |
Instruction |
---|
call 00007F893D0928E5h |
jmp 00007F893D08D564h |
cmp ecx, dword ptr [00419408h] |
jne 00007F893D08D6E4h |
rep ret |
jmp 00007F893D092E75h |
push ebp |
mov ebp, esp |
sub esp, 20h |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 00413058h |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov esi, dword ptr [ebp+0Ch] |
mov edi, dword ptr [ebp+08h] |
test esi, esi |
je 00007F893D08D6F5h |
test byte ptr [esi], 00000010h |
je 00007F893D08D6F0h |
mov ecx, dword ptr [edi] |
sub ecx, 04h |
push ecx |
mov eax, dword ptr [ecx] |
mov esi, dword ptr [eax+18h] |
call dword ptr [eax+20h] |
mov dword ptr [ebp-08h], edi |
mov dword ptr [ebp-04h], esi |
test esi, esi |
je 00007F893D08D6EEh |
test byte ptr [esi], 00000008h |
je 00007F893D08D6E9h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [004120B8h] |
pop edi |
pop esi |
mov esp, ebp |
pop ebp |
retn 0008h |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [00419408h] |
xor eax, ebp |
push eax |
mov dword ptr [ebp-10h], esp |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
push ebp |
mov ebp, esp |
push esi |
cld |
mov esi, dword ptr [ebp+0Ch] |
mov ecx, dword ptr [esi+08h] |
xor ecx, esi |
call 00007F893D08D62Bh |
push 00000000h |
push esi |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x184e4 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15f8000 | 0x22d30 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x18520 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x179b8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12000 | 0x188 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x10c65 | 0x10e00 | ca2ae006464ad4dd687d4cdac0431d31 | False | 0.6018807870370371 | data | 6.696247910531625 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x12000 | 0x6db8 | 0x6e00 | b527d95631608a07ca0f092f718a1ae6 | False | 0.3915127840909091 | data | 4.749698531330876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x19000 | 0x15de6c0 | 0x16c00 | 9c9c168a9495ea7819ef496b9e57a22d | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x15f8000 | 0x22d30 | 0x22e00 | 70695cd905c427d7b1b95218c3fbb214 | False | 0.45000980062724016 | data | 5.271554303929021 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x1617ca8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.26439232409381663 | ||
RT_CURSOR | 0x1618b50 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.3686823104693141 | ||
RT_CURSOR | 0x16193f8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.49060693641618497 | ||
RT_ICON | 0x15f8a90 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.3696695095948827 | ||
RT_ICON | 0x15f9938 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.45938628158844763 | ||
RT_ICON | 0x15fa1e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | 0.45564516129032256 | ||
RT_ICON | 0x15fa8a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.45447976878612717 | ||
RT_ICON | 0x15fae10 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.2687759336099585 | ||
RT_ICON | 0x15fd3b8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.3062851782363977 | ||
RT_ICON | 0x15fe460 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.35815602836879434 | ||
RT_ICON | 0x15fe930 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.56636460554371 | ||
RT_ICON | 0x15ff7d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.5473826714801444 | ||
RT_ICON | 0x1600080 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.6170520231213873 | ||
RT_ICON | 0x16005e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.4628630705394191 | ||
RT_ICON | 0x1602b90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.48827392120075047 | ||
RT_ICON | 0x1603c38 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | 0.49631147540983606 | ||
RT_ICON | 0x16045c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.449468085106383 | ||
RT_ICON | 0x1604a90 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.4256396588486141 | ||
RT_ICON | 0x1605938 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.4927797833935018 | ||
RT_ICON | 0x16061e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | 0.5921658986175116 | ||
RT_ICON | 0x16068a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.5180635838150289 | ||
RT_ICON | 0x1606e10 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.46856846473029046 | ||
RT_ICON | 0x16093b8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.4821763602251407 | ||
RT_ICON | 0x160a460 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | 0.48565573770491804 | ||
RT_ICON | 0x160ade8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.5212765957446809 | ||
RT_ICON | 0x160b2c8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.49173773987206826 | ||
RT_ICON | 0x160c170 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.4684115523465704 | ||
RT_ICON | 0x160ca18 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.440028901734104 | ||
RT_ICON | 0x160cf80 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | 0.2794605809128631 | ||
RT_ICON | 0x160f528 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | 0.2879924953095685 | ||
RT_ICON | 0x16105d0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | 0.3061475409836066 | ||
RT_ICON | 0x1610f58 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | 0.33156028368794327 | ||
RT_ICON | 0x1611428 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | 0.4107142857142857 | ||
RT_ICON | 0x16122d0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | 0.5947653429602888 | ||
RT_ICON | 0x1612b78 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | 0.6509216589861752 | ||
RT_ICON | 0x1613240 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | 0.6329479768786127 | ||
RT_ICON | 0x16137a8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | 0.5797717842323652 | ||
RT_ICON | 0x1615d50 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.6186679174484052 | ||
RT_ICON | 0x1616df8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | 0.589344262295082 | ||
RT_ICON | 0x1617780 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.6835106382978723 | ||
RT_DIALOG | 0x1619c18 | 0x5a | data | 0.8666666666666667 | ||
RT_STRING | 0x1619c78 | 0x4b2 | data | 0.44342762063227953 | ||
RT_STRING | 0x161a130 | 0x56a | data | 0.4379509379509379 | ||
RT_STRING | 0x161a6a0 | 0x68e | data | 0.4237187127532777 | ||
RT_ACCELERATOR | 0x1617c60 | 0x48 | data | 0.8333333333333334 | ||
RT_GROUP_CURSOR | 0x1619960 | 0x30 | data | 0.9375 | ||
RT_GROUP_ICON | 0x1604a28 | 0x68 | data | 0.7019230769230769 | ||
RT_GROUP_ICON | 0x15fe8c8 | 0x68 | data | 0.6826923076923077 | ||
RT_GROUP_ICON | 0x160b250 | 0x76 | data | 0.6779661016949152 | ||
RT_GROUP_ICON | 0x1617be8 | 0x76 | data | 0.6694915254237288 | ||
RT_GROUP_ICON | 0x16113c0 | 0x68 | data | 0.7211538461538461 | ||
RT_VERSION | 0x1619990 | 0x284 | data | 0.5295031055900621 |
DLL | Import |
---|---|
KERNEL32.dll | GlobalMemoryStatus, SetComputerNameExA, CommConfigDialogA, LoadLibraryExW, InterlockedIncrement, GetConsoleAliasA, InterlockedDecrement, GetComputerNameW, BackupSeek, GetModuleHandleW, GetWindowsDirectoryA, EnumTimeFormatsA, SetCommState, GlobalAlloc, GetSystemDirectoryW, GlobalFindAtomA, LoadLibraryW, GetLocaleInfoW, CreateEventA, GetACP, GetConsoleOutputCP, GetLastError, SetLastError, GetProcAddress, LockFileEx, SetComputerNameA, SetFileAttributesA, BuildCommDCBW, WriteConsoleA, CreateHardLinkW, SetConsoleCtrlHandler, AddAtomA, GetModuleFileNameA, VirtualProtect, GetVersionExA, ReadConsoleInputW, GetCurrentProcessId, GetTempPathA, GetVolumeInformationW, LocalFileTimeToFileTime, CloseHandle, WriteConsoleW, EncodePointer, DecodePointer, IsProcessorFeaturePresent, GetCommandLineW, RaiseException, RtlUnwind, HeapFree, HeapAlloc, ExitProcess, GetModuleHandleExW, MultiByteToWideChar, WideCharToMultiByte, HeapSize, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, ReadFile, GetConsoleMode, ReadConsoleW, GetStdHandle, GetFileType, DeleteCriticalSection, GetStartupInfoW, SetFilePointerEx, GetCurrentThreadId, GetProcessHeap, GetModuleFileNameW, WriteFile, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, IsValidCodePage, GetOEMCP, GetCPInfo, HeapReAlloc, SetStdHandle, LCMapStringW, GetConsoleCP, FlushFileBuffers, OutputDebugStringW, GetStringTypeW, CreateFileW |
USER32.dll | ChangeMenuA |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2024 15:20:50.803286076 CEST | 49678 | 443 | 192.168.2.4 | 104.46.162.224 |
May 4, 2024 15:20:50.975805044 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
May 4, 2024 15:20:59.840543032 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.840572119 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:20:59.840624094 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.841167927 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.841176987 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:20:59.841227055 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.841358900 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.841387033 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:20:59.841434956 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.841698885 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.841726065 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:20:59.841777086 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.844533920 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.844551086 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:20:59.844913960 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.844923973 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:20:59.845298052 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.845305920 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:20:59.845685005 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:20:59.845700979 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.156265020 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.159094095 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.160001040 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.160922050 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.273819923 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.289328098 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.289331913 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.289391041 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.588893890 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
May 4, 2024 15:21:00.751188040 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.751214027 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.752995014 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.753004074 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.753051996 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.797452927 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.797468901 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.798654079 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.798665047 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.798718929 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.846596956 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.846615076 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.847564936 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.847592115 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.847635031 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.894514084 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:00.894536972 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.895486116 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.895498037 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:00.895550966 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.088009119 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.088176012 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.093605995 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.093703985 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.096170902 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.096235037 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.097778082 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.097795010 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.099266052 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.099332094 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.100251913 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.100263119 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.101059914 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.101069927 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.101692915 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.101710081 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.193092108 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.193108082 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.193114042 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.259799004 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.273360968 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.273488045 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.273540974 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.275028944 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.275098085 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.275125027 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.275135040 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.275156021 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.275192976 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.277451992 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.277606010 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.277643919 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.278358936 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.278979063 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.279021025 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.286144018 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.286192894 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.286225080 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.286231041 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.286278009 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.286309958 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.286313057 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.286365986 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.286397934 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.286401033 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.296487093 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.296530962 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.296534061 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.306653976 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.306740999 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.306746960 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.311945915 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.312004089 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.312006950 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.380583048 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.380592108 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.435518026 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.435578108 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.435583115 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.440886021 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.440942049 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.440946102 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.451138020 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.451184034 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.451186895 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.463265896 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.463310957 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.463315010 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.473836899 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.473896980 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.473900080 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.483197927 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.483253002 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.483257055 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.492229939 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.492276907 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.492280006 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.501364946 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.501420975 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.501425028 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.510776043 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.510848045 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.510850906 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.520215034 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.520266056 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.520268917 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.529644012 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.529695988 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.529697895 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.548505068 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.548554897 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.548557997 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.553236008 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.553283930 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.553286076 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.579363108 CEST | 49733 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.579380989 CEST | 443 | 49733 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.586968899 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.587008953 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.587013006 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.590413094 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.590451956 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.590455055 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.597660065 CEST | 49736 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.597686052 CEST | 443 | 49736 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.597925901 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.597964048 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.597966909 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.605210066 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.605247021 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.605251074 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.607749939 CEST | 49734 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.607759953 CEST | 443 | 49734 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.612076998 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.612118006 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.612121105 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.618951082 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.618987083 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.618989944 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.625843048 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.625883102 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.625885010 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.632689953 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.632730961 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.632734060 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.639538050 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.639581919 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.639585972 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.646375895 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.646420956 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.646424055 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.653261900 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.653301001 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.653302908 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.663568974 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.663602114 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.663604975 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.670398951 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.670433044 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.670435905 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.677290916 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.677329063 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.677333117 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.677340031 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.677375078 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.684192896 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.691019058 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.691051006 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.691055059 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.697904110 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.697937012 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.697940111 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.704574108 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.704606056 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.704607964 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.710882902 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.710912943 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.710916042 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.717206001 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.717247963 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.717250109 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.723238945 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.723268986 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.723272085 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.729161024 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.729195118 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.729202986 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.729207993 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.729243994 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.735122919 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.741141081 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.741183996 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.741189003 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.744177103 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.744220018 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.744223118 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.750116110 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.750158072 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.750159979 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.756131887 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.756174088 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.756175995 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.759845018 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.759886026 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.759887934 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.763510942 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.763555050 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.763557911 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.767170906 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.767218113 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.767220974 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.770838022 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.770881891 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.770884037 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.774375916 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.774421930 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.774424076 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.777911901 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.777954102 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.777956963 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.781440020 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.781476974 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.781478882 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.784919977 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.784964085 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.784966946 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.788310051 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.788345098 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.788347960 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.788443089 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:01.788479090 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.788764954 CEST | 49735 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:01.788774967 CEST | 443 | 49735 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:02.945353985 CEST | 49743 | 25 | 192.168.2.4 | 104.47.53.36 |
May 4, 2024 15:21:03.366069078 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.366136074 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.366229057 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.366419077 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.366451979 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.668523073 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:03.668544054 CEST | 443 | 49745 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:03.668772936 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:03.668992996 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:03.669006109 CEST | 443 | 49745 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:03.679744005 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.685674906 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.685689926 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.686547041 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.686616898 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.755160093 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.755223036 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.755249023 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.800121069 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.818067074 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.818073988 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.865001917 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.974328995 CEST | 49743 | 25 | 192.168.2.4 | 104.47.53.36 |
May 4, 2024 15:21:03.978516102 CEST | 443 | 49745 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:03.983496904 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.983542919 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.983575106 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.983587980 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.983596087 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.983623981 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.983643055 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.983648062 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.986278057 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.986284018 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.993876934 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:03.995273113 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:03.995279074 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.004391909 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.007379055 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.007384062 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.014842987 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.019366980 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.019372940 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.036741972 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:04.083607912 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.083612919 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.130477905 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.133053064 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.138201952 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.138230085 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.138369083 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.138375998 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.138421059 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.148663044 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.159275055 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.159301043 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.159343958 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.159352064 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.159502983 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.169616938 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.180119038 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.180136919 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.180282116 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.180289030 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.180334091 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.190567970 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.200284004 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.200313091 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.200458050 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.200465918 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.200522900 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.210134983 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.219794989 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.219818115 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.219973087 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.219979048 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.220024109 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.229548931 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.241556883 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.241588116 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.241730928 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.241738081 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.241802931 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.249039888 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.263051033 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.263098001 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.263251066 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.263257027 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.263302088 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.284926891 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.287302017 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.287333965 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.287473917 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.287482023 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.287524939 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.296026945 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.304402113 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.304433107 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.304483891 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.304490089 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.304651022 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.312494040 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.320429087 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.320456028 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.320611954 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.320617914 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.320664883 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.327651024 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.335490942 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.335525036 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.335575104 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.335582018 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.335743904 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.344743967 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.352649927 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.352679014 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.352824926 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.352832079 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.352873087 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.359167099 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.363027096 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.367275000 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.367280960 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.370635986 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.373399973 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.373405933 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.378288031 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.379275084 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.379281044 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.385056973 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.385112047 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.385117054 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.391838074 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.394300938 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.394306898 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.398703098 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.403295994 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.403301954 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.405220985 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.406402111 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.406408072 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.411561966 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.411612034 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.411617994 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.423572063 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.423604965 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.423772097 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.423779011 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.423826933 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.429591894 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.435523987 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.435575962 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.435713053 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.435720921 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.435764074 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.441288948 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.444256067 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.445274115 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.445280075 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.450052023 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.451384068 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.451390028 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.453712940 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.454282999 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.454288006 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.457329035 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.460946083 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.460974932 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.460992098 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.460999012 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.461020947 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.464551926 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.464613914 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.464656115 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.859121084 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.859457970 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:04.859477997 CEST | 443 | 49745 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:04.859858990 CEST | 443 | 49745 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:04.860547066 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:04.860604048 CEST | 443 | 49745 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:04.895205975 CEST | 49744 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:21:04.895216942 CEST | 443 | 49744 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:21:04.911470890 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:05.974586964 CEST | 49743 | 25 | 192.168.2.4 | 104.47.53.36 |
May 4, 2024 15:21:06.000761986 CEST | 49748 | 443 | 192.168.2.4 | 109.107.161.150 |
May 4, 2024 15:21:06.000782013 CEST | 443 | 49748 | 109.107.161.150 | 192.168.2.4 |
May 4, 2024 15:21:06.000869036 CEST | 49748 | 443 | 192.168.2.4 | 109.107.161.150 |
May 4, 2024 15:21:09.990716934 CEST | 49743 | 25 | 192.168.2.4 | 104.47.53.36 |
May 4, 2024 15:21:12.971812963 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:12.971841097 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:12.971915007 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:12.972873926 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:12.972887993 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:13.526290894 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:13.526365042 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:13.528765917 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:13.528774977 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:13.528978109 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:13.736123085 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:13.736174107 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:13.996234894 CEST | 443 | 49745 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:13.996293068 CEST | 443 | 49745 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:13.996361971 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:14.053172112 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:14.096117973 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:14.115614891 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:21:14.115629911 CEST | 443 | 49745 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:21:14.413738966 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:14.413757086 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:14.413769960 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:14.413810968 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:14.413822889 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:14.413835049 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:14.413836956 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:14.413861990 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:14.413867950 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:14.413880110 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:14.413949013 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:14.413986921 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:14.746140957 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:14.746151924 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:14.746182919 CEST | 49751 | 443 | 192.168.2.4 | 20.114.59.183 |
May 4, 2024 15:21:14.746187925 CEST | 443 | 49751 | 20.114.59.183 | 192.168.2.4 |
May 4, 2024 15:21:17.991318941 CEST | 49743 | 25 | 192.168.2.4 | 104.47.53.36 |
May 4, 2024 15:21:23.260438919 CEST | 49757 | 25 | 192.168.2.4 | 67.195.228.110 |
May 4, 2024 15:21:24.271121979 CEST | 49757 | 25 | 192.168.2.4 | 67.195.228.110 |
May 4, 2024 15:21:26.270936966 CEST | 49757 | 25 | 192.168.2.4 | 67.195.228.110 |
May 4, 2024 15:21:30.286809921 CEST | 49757 | 25 | 192.168.2.4 | 67.195.228.110 |
May 4, 2024 15:21:38.302359104 CEST | 49757 | 25 | 192.168.2.4 | 67.195.228.110 |
May 4, 2024 15:21:42.865564108 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:42.865592003 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:42.865664959 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:42.865910053 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:42.865923882 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.174560070 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.174823999 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.174834967 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.175139904 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.175199986 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.175755024 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.175806046 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.180577993 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.180634975 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.180733919 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.180741072 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.225277901 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.569185972 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.569204092 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.569272041 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.569284916 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.579473972 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.579540014 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.579546928 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.580976963 CEST | 49759 | 25 | 192.168.2.4 | 74.125.137.26 |
May 4, 2024 15:21:43.590049028 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.590116978 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.590123892 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.600502968 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.600562096 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.600568056 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.610980034 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.611031055 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.611037016 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.621459961 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.621512890 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.621517897 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.631952047 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.632000923 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.632006884 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.677205086 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.718463898 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.718511105 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.723653078 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.723710060 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.734138966 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.734206915 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.744653940 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.744728088 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.755121946 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.755182981 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.765577078 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.765631914 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.776082039 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.776129961 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.776134968 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.776160955 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.776221991 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.776227951 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.786556005 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.786624908 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.786631107 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.797063112 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.797120094 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.797126055 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.811785936 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.811811924 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.811850071 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.811856985 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.811892986 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.821126938 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.830460072 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.830485106 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.830529928 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.830537081 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.830579996 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.839829922 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.849144936 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.849172115 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.849208117 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.849212885 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.849255085 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.849260092 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.849280119 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:43.849335909 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.849517107 CEST | 49758 | 443 | 192.168.2.4 | 142.250.72.174 |
May 4, 2024 15:21:43.849524021 CEST | 443 | 49758 | 142.250.72.174 | 192.168.2.4 |
May 4, 2024 15:21:44.583539009 CEST | 49759 | 25 | 192.168.2.4 | 74.125.137.26 |
May 4, 2024 15:21:46.005501032 CEST | 49748 | 443 | 192.168.2.4 | 109.107.161.150 |
May 4, 2024 15:21:46.005558014 CEST | 443 | 49748 | 109.107.161.150 | 192.168.2.4 |
May 4, 2024 15:21:46.005614996 CEST | 49748 | 443 | 192.168.2.4 | 109.107.161.150 |
May 4, 2024 15:21:46.115487099 CEST | 49765 | 443 | 192.168.2.4 | 109.107.161.150 |
May 4, 2024 15:21:46.115493059 CEST | 443 | 49765 | 109.107.161.150 | 192.168.2.4 |
May 4, 2024 15:21:46.115555048 CEST | 49765 | 443 | 192.168.2.4 | 109.107.161.150 |
May 4, 2024 15:21:46.593939066 CEST | 49759 | 25 | 192.168.2.4 | 74.125.137.26 |
May 4, 2024 15:21:50.598898888 CEST | 49759 | 25 | 192.168.2.4 | 74.125.137.26 |
May 4, 2024 15:21:51.345231056 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:51.345257998 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:51.345340967 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:51.345741987 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:51.345755100 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:52.238426924 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:52.238495111 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:52.242914915 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:52.242923021 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:52.243160963 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:52.251466036 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:52.292120934 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:53.120028019 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:53.120049000 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:53.120106936 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:53.120235920 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:53.120261908 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:53.120332956 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:53.127206087 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:53.127223969 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:53.127239943 CEST | 49770 | 443 | 192.168.2.4 | 40.68.123.157 |
May 4, 2024 15:21:53.127244949 CEST | 443 | 49770 | 40.68.123.157 | 192.168.2.4 |
May 4, 2024 15:21:58.598862886 CEST | 49759 | 25 | 192.168.2.4 | 74.125.137.26 |
May 4, 2024 15:22:03.725330114 CEST | 49772 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:22:03.725356102 CEST | 443 | 49772 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:22:03.725461006 CEST | 49772 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:22:03.725675106 CEST | 49772 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:22:03.725687981 CEST | 443 | 49772 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:22:03.886938095 CEST | 49773 | 25 | 192.168.2.4 | 217.69.139.150 |
May 4, 2024 15:22:04.033154011 CEST | 443 | 49772 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:22:04.033446074 CEST | 49772 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:22:04.033453941 CEST | 443 | 49772 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:22:04.033735037 CEST | 443 | 49772 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:22:04.034164906 CEST | 49772 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:22:04.034225941 CEST | 443 | 49772 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:22:04.083364964 CEST | 49772 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:22:04.895889997 CEST | 49773 | 25 | 192.168.2.4 | 217.69.139.150 |
May 4, 2024 15:22:06.895875931 CEST | 49773 | 25 | 192.168.2.4 | 217.69.139.150 |
May 4, 2024 15:22:09.740679979 CEST | 49723 | 80 | 192.168.2.4 | 23.206.229.76 |
May 4, 2024 15:22:09.740685940 CEST | 49724 | 80 | 192.168.2.4 | 23.206.229.76 |
May 4, 2024 15:22:09.890600920 CEST | 80 | 49724 | 23.206.229.76 | 192.168.2.4 |
May 4, 2024 15:22:09.890760899 CEST | 49724 | 80 | 192.168.2.4 | 23.206.229.76 |
May 4, 2024 15:22:09.890806913 CEST | 80 | 49723 | 23.206.229.76 | 192.168.2.4 |
May 4, 2024 15:22:09.890857935 CEST | 49723 | 80 | 192.168.2.4 | 23.206.229.76 |
May 4, 2024 15:22:10.896810055 CEST | 49773 | 25 | 192.168.2.4 | 217.69.139.150 |
May 4, 2024 15:22:14.032886028 CEST | 443 | 49772 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:22:14.032946110 CEST | 443 | 49772 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:22:14.033093929 CEST | 49772 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:22:14.425909042 CEST | 49772 | 443 | 192.168.2.4 | 142.250.217.132 |
May 4, 2024 15:22:14.425924063 CEST | 443 | 49772 | 142.250.217.132 | 192.168.2.4 |
May 4, 2024 15:22:17.157304049 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:17.157363892 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:17.157460928 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:17.157691002 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:17.157697916 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:17.471966982 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:17.521872044 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.311526060 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.311547995 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.311970949 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.312033892 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.312587976 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.312648058 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.314632893 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.314692974 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.314930916 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.314939022 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.370073080 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.471287012 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.471354008 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.471402884 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.471903086 CEST | 49774 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.471931934 CEST | 443 | 49774 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.472887039 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.472923994 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.472984076 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.473356009 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.473371029 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.783845901 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.786875010 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.786887884 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.787214994 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.787277937 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.787815094 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.787864923 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.787976027 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.788033009 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.788120031 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.788132906 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.788146973 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.835338116 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:18.835345984 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:18.912066936 CEST | 49773 | 25 | 192.168.2.4 | 217.69.139.150 |
May 4, 2024 15:22:19.117588043 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:19.117707014 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:19.117841959 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:19.120457888 CEST | 49775 | 443 | 192.168.2.4 | 142.250.189.14 |
May 4, 2024 15:22:19.120479107 CEST | 443 | 49775 | 142.250.189.14 | 192.168.2.4 |
May 4, 2024 15:22:19.278431892 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.278455973 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.278575897 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.279284954 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.279298067 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.587614059 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.587857008 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.587867975 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.588187933 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.588237047 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.588792086 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.588835955 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.588962078 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.589011908 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.589121103 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.589127064 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.630793095 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.898260117 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.898282051 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.898364067 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.898374081 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.899993896 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:19.900024891 CEST | 443 | 49776 | 142.250.176.14 | 192.168.2.4 |
May 4, 2024 15:22:19.900084972 CEST | 49776 | 443 | 192.168.2.4 | 142.250.176.14 |
May 4, 2024 15:22:26.130115032 CEST | 49765 | 443 | 192.168.2.4 | 109.107.161.150 |
May 4, 2024 15:22:26.130188942 CEST | 443 | 49765 | 109.107.161.150 | 192.168.2.4 |
May 4, 2024 15:22:26.130253077 CEST | 49765 | 443 | 192.168.2.4 | 109.107.161.150 |
May 4, 2024 15:22:26.240277052 CEST | 49777 | 443 | 192.168.2.4 | 109.107.161.150 |
May 4, 2024 15:22:26.240317106 CEST | 443 | 49777 | 109.107.161.150 | 192.168.2.4 |
May 4, 2024 15:22:26.240402937 CEST | 49777 | 443 | 192.168.2.4 | 109.107.161.150 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2024 15:20:59.688174963 CEST | 59216 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:20:59.688174963 CEST | 61116 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:20:59.760735989 CEST | 53 | 53212 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:20:59.811029911 CEST | 53 | 51826 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:20:59.839366913 CEST | 53 | 61116 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:20:59.839405060 CEST | 53 | 59216 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:01.753509045 CEST | 53 | 63418 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:02.037156105 CEST | 53 | 61391 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:02.709583044 CEST | 57287 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:02.944638968 CEST | 53 | 57287 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:03.210967064 CEST | 49566 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:03.211328983 CEST | 50952 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:03.361237049 CEST | 53 | 49566 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:03.363080978 CEST | 53 | 50952 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:05.197182894 CEST | 64392 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:06.000072956 CEST | 53 | 64392 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:19.764558077 CEST | 53 | 51860 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:21.338567019 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
May 4, 2024 15:21:22.958383083 CEST | 64663 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:23.108664036 CEST | 53 | 64663 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:23.109292030 CEST | 65141 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:23.259823084 CEST | 53 | 65141 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:38.625904083 CEST | 53 | 59734 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:42.713696957 CEST | 50848 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:42.713850021 CEST | 61986 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:42.864095926 CEST | 53 | 50848 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:42.865144014 CEST | 53 | 61986 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:43.271225929 CEST | 55440 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:43.423000097 CEST | 53 | 55440 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:43.423614979 CEST | 54697 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:21:43.574397087 CEST | 53 | 54697 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:43.733818054 CEST | 53 | 50751 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:45.001261950 CEST | 53 | 57548 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:46.302423954 CEST | 53 | 61985 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:21:59.235908031 CEST | 53 | 56510 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:22:01.313009977 CEST | 53 | 57552 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:22:03.583894968 CEST | 59522 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:22:03.734599113 CEST | 53 | 59522 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:22:03.735274076 CEST | 62346 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:22:03.886388063 CEST | 53 | 62346 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:22:16.987966061 CEST | 50872 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:22:16.988145113 CEST | 65275 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:22:17.139319897 CEST | 53 | 50872 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:22:17.139729023 CEST | 53 | 65275 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:22:19.126493931 CEST | 65379 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:22:19.126653910 CEST | 52814 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:22:19.276923895 CEST | 53 | 65379 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:22:19.277420044 CEST | 53 | 52814 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:22:27.676461935 CEST | 53 | 64314 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:22:42.647651911 CEST | 53087 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:22:42.982033014 CEST | 53 | 53087 | 1.1.1.1 | 192.168.2.4 |
May 4, 2024 15:23:01.066675901 CEST | 60561 | 53 | 192.168.2.4 | 1.1.1.1 |
May 4, 2024 15:23:01.300811052 CEST | 53 | 60561 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 4, 2024 15:20:59.688174963 CEST | 192.168.2.4 | 1.1.1.1 | 0xb0e1 | Standard query (0) | 65 | IN (0x0001) | false | |
May 4, 2024 15:20:59.688174963 CEST | 192.168.2.4 | 1.1.1.1 | 0x9286 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:21:02.709583044 CEST | 192.168.2.4 | 1.1.1.1 | 0xc17c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:21:03.210967064 CEST | 192.168.2.4 | 1.1.1.1 | 0x9910 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:21:03.211328983 CEST | 192.168.2.4 | 1.1.1.1 | 0xb03b | Standard query (0) | 65 | IN (0x0001) | false | |
May 4, 2024 15:21:05.197182894 CEST | 192.168.2.4 | 1.1.1.1 | 0x4ea6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:21:22.958383083 CEST | 192.168.2.4 | 1.1.1.1 | 0x813 | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
May 4, 2024 15:21:23.109292030 CEST | 192.168.2.4 | 1.1.1.1 | 0x58f3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:21:42.713696957 CEST | 192.168.2.4 | 1.1.1.1 | 0xfb6c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:21:42.713850021 CEST | 192.168.2.4 | 1.1.1.1 | 0x64e1 | Standard query (0) | 65 | IN (0x0001) | false | |
May 4, 2024 15:21:43.271225929 CEST | 192.168.2.4 | 1.1.1.1 | 0xe8e4 | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
May 4, 2024 15:21:43.423614979 CEST | 192.168.2.4 | 1.1.1.1 | 0x35a6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:22:03.583894968 CEST | 192.168.2.4 | 1.1.1.1 | 0x674d | Standard query (0) | MX (Mail exchange) | IN (0x0001) | false | |
May 4, 2024 15:22:03.735274076 CEST | 192.168.2.4 | 1.1.1.1 | 0x6ea6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:22:16.987966061 CEST | 192.168.2.4 | 1.1.1.1 | 0xce6d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:22:16.988145113 CEST | 192.168.2.4 | 1.1.1.1 | 0xcc61 | Standard query (0) | 65 | IN (0x0001) | false | |
May 4, 2024 15:22:19.126493931 CEST | 192.168.2.4 | 1.1.1.1 | 0x87 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:22:19.126653910 CEST | 192.168.2.4 | 1.1.1.1 | 0x7a10 | Standard query (0) | 65 | IN (0x0001) | false | |
May 4, 2024 15:22:42.647651911 CEST | 192.168.2.4 | 1.1.1.1 | 0xdf35 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 4, 2024 15:23:01.066675901 CEST | 192.168.2.4 | 1.1.1.1 | 0x6152 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 4, 2024 15:20:59.839366913 CEST | 1.1.1.1 | 192.168.2.4 | 0x9286 | No error (0) | 142.250.217.132 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:20:59.839405060 CEST | 1.1.1.1 | 192.168.2.4 | 0xb0e1 | No error (0) | 65 | IN (0x0001) | false | |||
May 4, 2024 15:21:02.944638968 CEST | 1.1.1.1 | 192.168.2.4 | 0xc17c | No error (0) | 104.47.53.36 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:02.944638968 CEST | 1.1.1.1 | 192.168.2.4 | 0xc17c | No error (0) | 104.47.54.36 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:03.361237049 CEST | 1.1.1.1 | 192.168.2.4 | 0x9910 | No error (0) | plus.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 15:21:03.361237049 CEST | 1.1.1.1 | 192.168.2.4 | 0x9910 | No error (0) | 142.250.176.14 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:03.363080978 CEST | 1.1.1.1 | 192.168.2.4 | 0xb03b | No error (0) | plus.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 15:21:06.000072956 CEST | 1.1.1.1 | 192.168.2.4 | 0x4ea6 | No error (0) | 109.107.161.150 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:23.108664036 CEST | 1.1.1.1 | 192.168.2.4 | 0x813 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
May 4, 2024 15:21:23.108664036 CEST | 1.1.1.1 | 192.168.2.4 | 0x813 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
May 4, 2024 15:21:23.108664036 CEST | 1.1.1.1 | 192.168.2.4 | 0x813 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
May 4, 2024 15:21:23.259823084 CEST | 1.1.1.1 | 192.168.2.4 | 0x58f3 | No error (0) | 67.195.228.110 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:23.259823084 CEST | 1.1.1.1 | 192.168.2.4 | 0x58f3 | No error (0) | 67.195.228.111 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:23.259823084 CEST | 1.1.1.1 | 192.168.2.4 | 0x58f3 | No error (0) | 67.195.204.72 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:23.259823084 CEST | 1.1.1.1 | 192.168.2.4 | 0x58f3 | No error (0) | 67.195.204.79 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:23.259823084 CEST | 1.1.1.1 | 192.168.2.4 | 0x58f3 | No error (0) | 67.195.204.73 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:23.259823084 CEST | 1.1.1.1 | 192.168.2.4 | 0x58f3 | No error (0) | 67.195.204.77 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:23.259823084 CEST | 1.1.1.1 | 192.168.2.4 | 0x58f3 | No error (0) | 67.195.228.109 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:23.259823084 CEST | 1.1.1.1 | 192.168.2.4 | 0x58f3 | No error (0) | 98.136.96.77 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:42.864095926 CEST | 1.1.1.1 | 192.168.2.4 | 0xfb6c | No error (0) | www3.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 15:21:42.864095926 CEST | 1.1.1.1 | 192.168.2.4 | 0xfb6c | No error (0) | 142.250.72.174 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:42.865144014 CEST | 1.1.1.1 | 192.168.2.4 | 0x64e1 | No error (0) | www3.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
May 4, 2024 15:21:43.423000097 CEST | 1.1.1.1 | 192.168.2.4 | 0xe8e4 | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
May 4, 2024 15:21:43.574397087 CEST | 1.1.1.1 | 192.168.2.4 | 0x35a6 | No error (0) | 74.125.137.26 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:43.574397087 CEST | 1.1.1.1 | 192.168.2.4 | 0x35a6 | No error (0) | 142.251.2.26 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:43.574397087 CEST | 1.1.1.1 | 192.168.2.4 | 0x35a6 | No error (0) | 74.125.137.27 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:43.574397087 CEST | 1.1.1.1 | 192.168.2.4 | 0x35a6 | No error (0) | 142.250.141.27 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:21:43.574397087 CEST | 1.1.1.1 | 192.168.2.4 | 0x35a6 | No error (0) | 142.250.101.27 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:22:03.734599113 CEST | 1.1.1.1 | 192.168.2.4 | 0x674d | No error (0) | MX (Mail exchange) | IN (0x0001) | false | |||
May 4, 2024 15:22:03.886388063 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ea6 | No error (0) | 217.69.139.150 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:22:03.886388063 CEST | 1.1.1.1 | 192.168.2.4 | 0x6ea6 | No error (0) | 94.100.180.31 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:22:17.139319897 CEST | 1.1.1.1 | 192.168.2.4 | 0xce6d | No error (0) | 142.250.189.14 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:22:19.276923895 CEST | 1.1.1.1 | 192.168.2.4 | 0x87 | No error (0) | 142.250.176.14 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:22:42.982033014 CEST | 1.1.1.1 | 192.168.2.4 | 0xdf35 | No error (0) | 217.69.139.150 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:22:42.982033014 CEST | 1.1.1.1 | 192.168.2.4 | 0xdf35 | No error (0) | 94.100.180.31 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:23:01.300811052 CEST | 1.1.1.1 | 192.168.2.4 | 0x6152 | No error (0) | 104.47.53.36 | A (IP address) | IN (0x0001) | false | ||
May 4, 2024 15:23:01.300811052 CEST | 1.1.1.1 | 192.168.2.4 | 0x6152 | No error (0) | 104.47.54.36 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49734 | 142.250.217.132 | 443 | 7208 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 13:21:01 UTC | 607 | OUT | |
2024-05-04 13:21:01 UTC | 1283 | IN | |
2024-05-04 13:21:01 UTC | 884 | IN | |
2024-05-04 13:21:01 UTC | 1255 | IN | |
2024-05-04 13:21:01 UTC | 1063 | IN | |
2024-05-04 13:21:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49733 | 142.250.217.132 | 443 | 7208 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 13:21:01 UTC | 353 | OUT | |
2024-05-04 13:21:01 UTC | 967 | IN | |
2024-05-04 13:21:01 UTC | 25 | IN | |
2024-05-04 13:21:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49735 | 142.250.217.132 | 443 | 7208 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 13:21:01 UTC | 510 | OUT | |
2024-05-04 13:21:01 UTC | 967 | IN | |
2024-05-04 13:21:01 UTC | 288 | IN | |
2024-05-04 13:21:01 UTC | 1255 | IN | |
2024-05-04 13:21:01 UTC | 1255 | IN | |
2024-05-04 13:21:01 UTC | 1255 | IN | |
2024-05-04 13:21:01 UTC | 1255 | IN | |
2024-05-04 13:21:01 UTC | 1255 | IN | |
2024-05-04 13:21:01 UTC | 1255 | IN | |
2024-05-04 13:21:01 UTC | 730 | IN | |
2024-05-04 13:21:01 UTC | 451 | IN | |
2024-05-04 13:21:01 UTC | 1255 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49736 | 142.250.217.132 | 443 | 7208 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 13:21:01 UTC | 353 | OUT | |
2024-05-04 13:21:01 UTC | 922 | IN | |
2024-05-04 13:21:01 UTC | 35 | IN | |
2024-05-04 13:21:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49744 | 142.250.176.14 | 443 | 7208 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 13:21:03 UTC | 741 | OUT | |
2024-05-04 13:21:03 UTC | 916 | IN | |
2024-05-04 13:21:03 UTC | 339 | IN | |
2024-05-04 13:21:03 UTC | 1255 | IN | |
2024-05-04 13:21:03 UTC | 1255 | IN | |
2024-05-04 13:21:03 UTC | 1255 | IN | |
2024-05-04 13:21:03 UTC | 1255 | IN | |
2024-05-04 13:21:03 UTC | 1255 | IN | |
2024-05-04 13:21:03 UTC | 1255 | IN | |
2024-05-04 13:21:03 UTC | 1255 | IN | |
2024-05-04 13:21:04 UTC | 1255 | IN | |
2024-05-04 13:21:04 UTC | 1255 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49751 | 20.114.59.183 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 13:21:14 UTC | 306 | OUT | |
2024-05-04 13:21:14 UTC | 560 | IN | |
2024-05-04 13:21:14 UTC | 15824 | IN | |
2024-05-04 13:21:14 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49758 | 142.250.72.174 | 443 | 7208 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 13:21:43 UTC | 872 | OUT | |
2024-05-04 13:21:43 UTC | 2497 | IN |