Windows
Analysis Report
LisectAVT_2403002C_142.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- LisectAVT_2403002C_142.exe (PID: 7492 cmdline: "C:\Users\user\Desktop\LisectAVT_2403002C_142.exe" MD5: 01DA9EA1CC55C02A1755B20A4EC69F05)
- chrome.exe (PID: 7676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=LisectAVT_2403002C_142.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7900 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1904,i,3045040594546194306,8046493471930814901,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=LisectAVT_2403002C_142.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 4508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1888,i,6999489819283979014,13540749176578719827,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
NjRAT | RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored. |
{"Campaign ID": "Lmao", "Version": "0.7d", "Install Name": "496779573766ea94e8f182410716b25d", "Install Dir": "Adobe Update", "Registry Value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Network Seprator": "|'|'|"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Njrat | Yara detected Njrat | Joe Security |
Windows_Trojan_Njrat_30f3c220 | unknown | unknown |
Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Njrat | Yara detected Njrat | Joe Security |
Windows_Trojan_Njrat_30f3c220 | unknown | unknown |
Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
JoeSecurity_Njrat | Yara detected Njrat | Joe Security |

Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Njrat | Yara detected Njrat | Joe Security |
Windows_Trojan_Njrat_30f3c220 | unknown | unknown |
Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
2024-07-25T09:47:57.186261+0200 | 2012510 | 443 | 49726 | TCP | Potentially Bad Traffic |
2024-07-25T09:47:59.822671+0200 | 2012510 | 443 | 49737 | TCP | Potentially Bad Traffic |
2024-07-25T09:47:59.844808+0200 | 2012510 | 443 | 49737 | TCP | Potentially Bad Traffic |
2024-07-25T09:48:40.834189+0200 | 2022930 | 443 | 60450 | TCP | A Network Trojan was detected |
2024-07-25T09:47:58.111870+0200 | 2012510 | 443 | 49726 | TCP | Potentially Bad Traffic |
2024-07-25T09:47:56.967085+0200 | 2012510 | 443 | 49726 | TCP | Potentially Bad Traffic |
2024-07-25T09:48:00.029513+0200 | 2012510 | 443 | 49737 | TCP | Potentially Bad Traffic |
2024-07-25T09:48:00.949369+0200 | 2012510 | 443 | 49737 | TCP | Potentially Bad Traffic |
2024-07-25T09:47:58.111882+0200 | 2012510 | 443 | 49726 | TCP | Potentially Bad Traffic |
2024-07-25T09:47:56.999296+0200 | 2012510 | 443 | 49726 | TCP | Potentially Bad Traffic |
2024-07-25T09:48:02.551404+0200 | 2022930 | 443 | 49760 | TCP | A Network Trojan was detected |
2024-07-25T09:48:00.949372+0200 | 2012510 | 443 | 49737 | TCP | Potentially Bad Traffic |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | HTTP Parser: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Spreading |
---|
Source: | .Net Code: |
Source: | Binary or memory string: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
E-Banking Fraud |
---|
Source: | File source: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | File created: |
Source: | Static file information: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | LNK file: |
Source: | Window detected: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | .Net Code: |
Source: | Static PE information: |
Source: | File created: |
Source: | Binary or memory string: |
Source: | Process created: |
Source: | Binary or memory string: |
Lowering of HIPS / PFW / Operating System Security Settings |
---|
Source: | .Net Code: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 11 Replication Through Removable Media | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 12 Process Injection | Security Account Manager | 1 Peripheral Device Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
97% | ReversingLabs | Win32.Virus.Jadtre | ||
100% | Avira | W32/Jadtre.B | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s-part-0014.t-0009.t-msedge.net | 13.107.246.42 | true | false | unknown | |
s-part-0014.t-0009.fb-t-msedge.net | 13.107.253.42 | true | false | unknown | |
s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | unknown | |
www.google.com | 172.217.18.4 | true | false | unknown | |
js.monitor.azure.com | unknown | unknown | true | unknown | |
mdec.nelreports.net | unknown | unknown | true | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.107.246.42 | s-part-0014.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
172.217.18.4 | www.google.com | United States | 15169 | GOOGLEUS | false | |
13.107.253.45 | s-part-0017.t-0009.fb-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
13.107.253.42 | s-part-0014.t-0009.fb-t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
IP |
---|
192.168.2.8 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1481468 |
Start date and time: | 2024-07-25 09:46:50 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | LisectAVT_2403002C_142.exe |
Detection: | MAL |
Classification: | mal100.spre.troj.evad.winEXE@29/67@10/6 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 216.58.206.35, 2.19.246.123, 142.250.185.238, 74.125.133.84, 34.104.35.123, 95.101.150.2, 2.19.126.156, 2.19.126.137, 216.58.206.74, 172.217.16.138, 142.250.185.138, 142.250.185.74, 142.250.186.106, 172.217.23.106, 142.250.185.106, 172.217.18.10, 142.250.184.202, 142.250.185.202, 142.250.185.170, 142.250.186.74, 216.58.206.42, 142.250.181.234, 142.250.185.234, 142.250.186.42, 52.168.117.171, 192.229.221.95, 13.74.129.1, 13.107.21.237, 204.79.197.237, 52.168.117.169, 142.250.185.131, 142.250.185.206
- Excluded domains from analysis (whitelisted): aijscdn2.afd.azureedge.net, azurefd-t-fb-prod.trafficmanager.net, slscr.update.microsoft.com, c-msn-com-nsatc.trafficmanager.net, clientservices.googleapis.com, browser.events.data.trafficmanager.net, learn.microsoft.com, onedscolprdeus10.eastus.cloudapp.azure.com, e11290.dspg.akamaiedge.net, mdec.nelreports.net.akamaized.net, go.microsoft.com, clients2.google.com, ocsp.digicert.com, a1883.dscd.akamai.net, onedscolprdeus16.eastus.cloudapp.azure.com, learn.microsoft.com.edgekey.net, update.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, c-bing-com.dual-a-0034.a-msedge.net, learn.microsoft.com.edgekey.net.globalredir.akadns.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, aijscdn2.azureedge.net, browser.events.data.microsoft.com, edgedl.me.gvt1.com, e13636.dscb.akamaiedge.net, c.bing.com, learn-public.trafficmanager.net, go.microsoft.com.edgekey.net, dual-a-0034.a-msedge.ne
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: LisectAVT_2403002C_142.exe
Input | Output |
---|---|
URL: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=LisectAVT_2403002C_142.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 Model: Perplexity: mixtral-8x7b-instruct | {"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, as it does not request any sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The text of the webpage does not create a sense of urgency, as it does not contain phrases such as 'Click here to view document', 'To view secured document click here', or 'Open the link to see your invoice'.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]} |
Title: Fix .NET Framework 'This application could not be started' - .NET Framework | Microsoft Learn OCR: Learn Q Sign in Discover v Product documentation Development languages v Topics v .NET Languages Features v Workloads Troubleshooting Resources v Download .NET APIs v Filter by title .NET / .NET Framework / Learn / .NET Framework documentation "This application could not be Overview of .NET Framework started" error when running a .NET Get started v Installation guide Framework application Overview For developers Article 02/16/2023 6 contributors Feedback > By OS version Repair .NET framework In this article v TroubleshcHJt How to fix the error Troubleshoot install end uninstall See also Troubleshoot 'This application could not started' When you attempt to run a .NET Framework application, you may receive the "This .NET Framework 3.5 on Windows 8 application could not be started" error message. When this error is caused by an installed through Windows 11 version of .NET Framework not being detected, or by .NET Framework being corrupted, use this article to try to solve that problem. .NET Framework 1.1 on Windows 8 through Windows 11 mt.exe - This application could not be started. > Migration guide Development guide This application could not be started, > Tools Do you want to view information about this issue? > Additional APIs > What's new and obsolete Code analysis Yes No Download PDF |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
13.107.246.42 | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
239.255.255.250 | Get hash | malicious | Coinhive, Xmrig | Browse | ||
Get hash | malicious | Xmrig | Browse | |||
Get hash | malicious | Revenge | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
13.107.253.42 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
13.107.253.45 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | AgentTesla | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse |
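Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | Ramnit | Browse | |
s-part-0014.t-0009.t-msedge.net | | Get hash | malicious | BlackMoon | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | AgentTesla | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0017.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | AgentTesla | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | Unknown | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |
s-part-0014.t-0009.fb-t-msedge.net | | Get hash | malicious | HTMLPhisher | Browse | |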
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | DBatLoader | Browse | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | Revenge | Browse | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | EICAR | Browse | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | Unknown | Browse | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | Unknown | Browse | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | Unknown | Browse | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | Unknown | Browse | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | Unknown | Browse | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | Unknown | Browse | |
MICROSOFT-CORP-MSN-AS-BLOCKUS | | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Coinhive, Xmrig | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Xmrig | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Revenge | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | HTMLPhisher | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | Unknown | Browse | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.988875670508166 |
Encrypted: | false |
SSDEEP: | 48:81K0dsQTM0hDbYEHgidAKZdA1oehwiZUklqehny+3:81KRQYODbBUy |
MD5: | 873CE71EE1333F7F64018A3AB38CC034 |
SHA1: | 9AA10E07C8C63A621131701AA7FE0410D85F91D3 |
SHA-256: | A6BA81B35D86BF43FE79DA0CD9F32AF3949A44DC84BF4844FF04793490EF7050 |
SHA-512: | 4608676A5BD3AF8C2D7FBD87373EF2B69EF563CB4538D4DE87364D48AC50767E567CDC5B6423119845A30CB30F7726E72616F2646030317222BBFAF806BDAA4D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.004309522662485 |
Encrypted: | false |
SSDEEP: | 48:8iK0dsQTM0hDbYEHgidAKZdA1leh/iZUkAQkqehEy+2:8iKRQYODbT9QVy |
MD5: | 19B882CF18A36C93F74F6BFD0EFC065F |
SHA1: | ECC6B5A179973B5E9F212B74A82B386B849ADD28 |
SHA-256: | DA1865DC369AC353A66AE9229116945D3E0D71CB2B78BE350AABE6C0E100F523 |
SHA-512: | 398A6AF835BE418CFA5704CEA56C63D591080B46D67EA02B47C90698BAB4D37BE75CCF3129600CCD8BA2511B40CD168027FF7B904017C1513247DF9C3F0A4D23 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.012860144614373 |
Encrypted: | false |
SSDEEP: | 48:8NK0dsQTM0hDbbHgidAKZdA14t5eh7sFiZUkmgqeh7sqy+BX:8NKRQYODbhnwy |
MD5: | 65C0C93B9A5C58DE58568730512132E7 |
SHA1: | 576B4234761BCAEF364D6DD17BA95894632E234C |
SHA-256: | 1BE13ABB4636DAF31C9FFD1A8B8EF616B429C2304D2B8328522C116A0D0AD4A6 |
SHA-512: | 74D05A2A1122A02CB27382C2DED4F1C93C36FE2EA884B1962048889353DBFB939A950AA90254352F6968B5660F2629C7AC56475F6D22230F98DDFBD544EB0DCD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 4.002443019104078 |
Encrypted: | false |
SSDEEP: | 48:8X8K0dsQTM0hDbYEHgidAKZdA16ehDiZUkwqehIy+R:8MKRQYODbgiy |
MD5: | 08A8E05DD151345768A10BD459B19FED |
SHA1: | 7DD567BD5A807E18B117E3F091CBDC69800F4ACC |
SHA-256: | 920B9D6A37099D8F54B3DE19EA3CC7CA27C5AF84C6EC6788B0739AD72499050E |
SHA-512: | 2EA0664C2F228FAD0BF89545FC869D215E92E0C9B5BBCB145A01058F387DC8C42814FB90D490F6C2967E12F595713D49B6403A2DC555F2C0943C1CA27CDA93E0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.990145364487473 |
Encrypted: | false |
SSDEEP: | 48:88K0dsQTM0hDbYEHgidAKZdA1UehBiZUk1W1qehGy+C:88KRQYODbA9my |
MD5: | 27393E7C6E9357D98BE6072ACB6CBC23 |
SHA1: | 8607FB50C4DE73C52ABCA21DEFC36E7B0DFDCA58 |
SHA-256: | 210856FB459BC89F1D3389B3F2B4729B407FF9DF165780E31AF35C02692E0D7C |
SHA-512: | 63AB2B5EF1F27FE5D31DC3BADDC87768703DE7DB5BCF8AB58314C35CFAC23DA3EF0E9BD4516D4223D5425BC118657E71B50A02F3F4A64C18A4FF238FCA4B2D27 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 4.002177543584746 |
Encrypted: | false |
SSDEEP: | 48:8EK0dsQTM0hDbYEHgidAKZdA1duTrehOuTbbiZUk5OjqehOuTbwy+yT+:8EKRQYODbtTYTbxWOvTbwy7T |
MD5: | D0A1C06C7B240C912E6D27AFAC361BF4 |
SHA1: | AAB9C1AD3FCF0318B3D2AEFDD0BB31DB06BA327D |
SHA-256: | A57F265EBCA4940E8A66054063B5441F630C74760ECE01E120CE4AD9224E2CB3 |
SHA-512: | 1F9DC8CAB1B3248042F6E9CA5CCE38BF1DC3FC6760A7DC89F81DDD2770808159DC88D7F88161B965CF259E4DA869FC868A04B0E103DB0F3051A2E6CC57A12747 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13339 |
Entropy (8bit): | 7.683569563478597 |
Encrypted: | false |
SSDEEP: | 192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM |
MD5: | 512625CF8F40021445D74253DC7C28C0 |
SHA1: | F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730 |
SHA-256: | 1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369 |
SHA-512: | AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18367 |
Entropy (8bit): | 7.7772261735974215 |
Encrypted: | false |
SSDEEP: | 384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX |
MD5: | 240C4CC15D9FD65405BB642AB81BE615 |
SHA1: | 5A66783FE5DD932082F40811AE0769526874BFD3 |
SHA-256: | 030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07 |
SHA-512: | 267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-no-resolution.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1154 |
Entropy (8bit): | 4.59126408969148 |
Encrypted: | false |
SSDEEP: | 24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS |
MD5: | 37258A983459AE1C2E4F1E551665F388 |
SHA1: | 603A4E9115E613CC827206CF792C62AEB606C941 |
SHA-256: | 8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44 |
SHA-512: | 184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 443348 |
Entropy (8bit): | 5.079350267097991 |
Encrypted: | false |
SSDEEP: | 6144:Fe43jzKCey05dPjZkYh6BFPDxZYX04GK7MI:NKCeyQPjj |
MD5: | DBAAB65D35238246BEAF5AA34B9736CF |
SHA1: | DFA25539F60B3A4F60B933515309E97DA379C2C5 |
SHA-256: | 564E1C96899DDBC5692257CC9F2EEB8F615220E23466BF333FD26FE28BEACF78 |
SHA-512: | 16EEA9018AD102EEEE67CE940A992EF610EF99BE36F803957B47FD0EF4F65B15FF23A39AF5D931E23A39D89BC68DB1026E904F5B172A7374B69A8AC76E466225 |
Malicious: | false |
URL: | https://learn.microsoft.com/static/assets/0.4.027605576/styles/site-ltr.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3130 |
Entropy (8bit): | 4.790069981348324 |
Encrypted: | false |
SSDEEP: | 48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc |
MD5: | EBA6E81304F2F555E1D2EA3126A18A41 |
SHA1: | 61429C3FE837FD4DD68E7B26678F131F2E00070D |
SHA-256: | F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81 |
SHA-512: | 3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15427 |
Entropy (8bit): | 7.784472070227724 |
Encrypted: | false |
SSDEEP: | 384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI |
MD5: | 3062488F9D119C0D79448BE06ED140D8 |
SHA1: | 8A148951C894FC9E968D3E46589A2E978267650E |
SHA-256: | C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332 |
SHA-512: | 00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 16 |
Entropy (8bit): | 3.875 |
Encrypted: | false |
SSDEEP: | 3:HMB:k |
MD5: | 0B04EA412F8FC88B51398B1CBF38110E |
SHA1: | E073BCC5A03E7BBA2A16CF201A3CED1BE7533FBF |
SHA-256: | 7562254FF78FD854F0A8808E75A406F5C6058B57B71514481DAE490FC7B8F4C3 |
SHA-512: | 6D516068C3F3CBFC1500032E600BFF5542EE30C0EAC11A929EE002C707810BBF614A5586C2673EE959AFDF19C08F6EAEFA18193AD6CEDC839BDF249CF95E8079 |
Malicious: | false |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkEurwx6c-nJBIFDb_mJfI=?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 206998 |
Entropy (8bit): | 5.418793847287795 |
Encrypted: | false |
SSDEEP: | 3072:X/9cGgmjXCGzE0ploS6MeaUpyd57vUDgg4+RT7:XlcGxxsfMe3pyPvkB4cT7 |
MD5: | DEAA16321132C38272BDA251563F48A1 |
SHA1: | 0209A287D78181B0A8FC3644E8E99BE2105F46F0 |
SHA-256: | 80934D21B5493C94EE3AA1F35745543326CF6C9D695C85C635BAD9C19CE0D84F |
SHA-512: | 0473BF532047268B569B54B23C1B0117FB25A21058C2E985E9D245E695A523ABC983DF4D64A2420D635A02FFF6A83E5393A75608FB8EC10DB2834D54456DDA91 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18768 |
Entropy (8bit): | 7.987865266610692 |
Encrypted: | false |
SSDEEP: | 384:Jg8I5VXe4fT0sr9WHEzMrMk7OF+IkXpFlhwOFKepi9L6hOz:JRyVnpr8MeOFwpFbgZx6ha |
MD5: | 870B357C3BAE1178740236D64790E444 |
SHA1: | 5FA06435D0ECF28CBD005773F8C335C44D7DF522 |
SHA-256: | 0227BD6A0408946E9B4DF6F1A340E3713759A42A7677BDB8CB34698E4EDF541E |
SHA-512: | 7FC902E787B1F51B86D967354C0F2987EA9FD582FEF2959831EA6DBC5E7BF998A8F24BA906F0EE99AE8493AEB0C53AF06BEE106D60B448AC50B827C63B1ED169 |
Malicious: | false |
URL: | https://learn.microsoft.com/static/assets/0.4.027605576/styles/docons.aa8255ca.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2945 |
Entropy (8bit): | 5.11559629166894 |
Encrypted: | false |
SSDEEP: | 48:YJckl90I99HHJ3PSC/HCcTxdB4H0CrsfSMrxMZuv15C/h1/8iHd0MBToe1xrvAKB:gjlJFSCVxd7wsfSMrxguv+/h1P0MBToE |
MD5: | 16A9A2CEBAEBD81D7E24D9D73988CFDB |
SHA1: | C28CD7B14A019A7A800EC5CC4315BCD27DB00A16 |
SHA-256: | 115DAC6DD805A8F85C48218C1292D9633E63131FE8907DA7ED4730197C4E6AAF |
SHA-512: | 468BEB586F938ED8A2F22D26D20A43ED3C1F77C014EAC5EE9BD16965AF2AE1723FCDD2D42D37BE8AF1911B2F44382BF16B7FE0C71AE856537C444DDABFDCA466 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 206998 |
Entropy (8bit): | 5.418793847287795 |
Encrypted: | false |
SSDEEP: | 3072:X/9cGgmjXCGzE0ploS6MeaUpyd57vUDgg4+RT7:XlcGxxsfMe3pyPvkB4cT7 |
MD5: | DEAA16321132C38272BDA251563F48A1 |
SHA1: | 0209A287D78181B0A8FC3644E8E99BE2105F46F0 |
SHA-256: | 80934D21B5493C94EE3AA1F35745543326CF6C9D695C85C635BAD9C19CE0D84F |
SHA-512: | 0473BF532047268B569B54B23C1B0117FB25A21058C2E985E9D245E695A523ABC983DF4D64A2420D635A02FFF6A83E5393A75608FB8EC10DB2834D54456DDA91 |
Malicious: | false |
URL: | https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2945 |
Entropy (8bit): | 5.11559629166894 |
Encrypted: | false |
SSDEEP: | 48:YJckl90I99HHJ3PSC/HCcTxdB4H0CrsfSMrxMZuv15C/h1/8iHd0MBToe1xrvAKB:gjlJFSCVxd7wsfSMrxguv+/h1P0MBToE |
MD5: | 16A9A2CEBAEBD81D7E24D9D73988CFDB |
SHA1: | C28CD7B14A019A7A800EC5CC4315BCD27DB00A16 |
SHA-256: | 115DAC6DD805A8F85C48218C1292D9633E63131FE8907DA7ED4730197C4E6AAF |
SHA-512: | 468BEB586F938ED8A2F22D26D20A43ED3C1F77C014EAC5EE9BD16965AF2AE1723FCDD2D42D37BE8AF1911B2F44382BF16B7FE0C71AE856537C444DDABFDCA466 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/banners/index.json |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 49783 |
Entropy (8bit): | 5.052270079620471 |
Encrypted: | false |
SSDEEP: | 768:6DcycfvwcwOffIYswsuKJmQT1Yn4/1ggM6F5F30leYUS99AG:6Y/ovOff9swsu+mQTO4/1BzRUhUe95 |
MD5: | E77FFFD507B64085DDC6B99DE2B03710 |
SHA1: | 5FE0D5E7BBD6E36A8215629E09D0F57BDAE2E32A |
SHA-256: | 3AA4ED6C1B3CC8940116D35D0AFF1B519675236ABFD1D7720D68E1833AF6BDD1 |
SHA-512: | D4FBE712574D558FD2238B5FA0F5D9F2D9495B1DF65B81FACEB53ED8E9C2D4770F98CF870E67425D752A6726477E2E9B855D148FFB6E1169A1D4121451F615BA |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=LisectAVT_2403002C_142.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 15427 |
Entropy (8bit): | 7.784472070227724 |
Encrypted: | false |
SSDEEP: | 384:CKKdvwj3SJMpKKKKKKKKikCyKwqHILyPGQV4ykihKKKKKKKCm:CKKdvMMgKKKKKKKKiqB3yPVXkihKKKKI |
MD5: | 3062488F9D119C0D79448BE06ED140D8 |
SHA1: | 8A148951C894FC9E968D3E46589A2E978267650E |
SHA-256: | C47A383DE6DD60149B37DD24825D42D83CB48BE0ED094E3FC3B228D0A7BB9332 |
SHA-512: | 00BBA6BCBFBF44B977129594A47F732809DCE7D4E2D22D050338E4EEA91FCC02A9B333C45EEB4C9024DF076CBDA0B46B621BF48309C0D037D19BBEAE0367F5ED |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-recommended-changes.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52717 |
Entropy (8bit): | 5.462668685745912 |
Encrypted: | false |
SSDEEP: | 1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ |
MD5: | 413FCC759CC19821B61B6941808B29B5 |
SHA1: | 1AD23B8A202043539C20681B1B3E9F3BC5D55133 |
SHA-256: | DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536 |
SHA-512: | E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 52717 |
Entropy (8bit): | 5.462668685745912 |
Encrypted: | false |
SSDEEP: | 1536:tjspYRrxlhd0fq3agV3IcgPPPI3r7DAQHCloIB3Tj7xHw:tjZLCtxQ |
MD5: | 413FCC759CC19821B61B6941808B29B5 |
SHA1: | 1AD23B8A202043539C20681B1B3E9F3BC5D55133 |
SHA-256: | DAF7759FEDD9AF6C4D7E374B0D056547AE7CB245EC24A1C4ACF02932F30DC536 |
SHA-512: | E9BF8A74FEF494990AAFD15A0F21E0398DC28B4939C8F9F8AA1F3FFBD18056C8D1AB282B081F5C56F0928C48E30E768F7E347929304B55547F9CA8C1AABD80B8 |
Malicious: | false |
URL: | https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1173007 |
Entropy (8bit): | 5.503893944397598 |
Encrypted: | false |
SSDEEP: | 24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT |
MD5: | 2E00D51C98DBB338E81054F240E1DEB2 |
SHA1: | D33BAC6B041064AE4330DCC2D958EBE4C28EBE58 |
SHA-256: | 300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862 |
SHA-512: | B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9 |
Malicious: | false |
URL: | https://learn.microsoft.com/static/third-party/MathJax/3.2.2/tex-mml-chtml.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 13339 |
Entropy (8bit): | 7.683569563478597 |
Encrypted: | false |
SSDEEP: | 192:zjSKAj04ndWb6OuzZjk6TsEaJS0/bJur2Gz4Imm3MhE4NfM:zutfW69XTspsG3G0TfhEQM |
MD5: | 512625CF8F40021445D74253DC7C28C0 |
SHA1: | F6B27CE0F7D4E48E34FDDCA8A96337F07CFFE730 |
SHA-256: | 1D4DCEE8511D5371FEC911660D6049782E12901C662B409A5C675772E9B87369 |
SHA-512: | AE02319D03884D758A86C286B6F593BDFFD067885D56D82EEB8215FDCB41637C7BB9109039E7FBC93AD246D030C368FB285B3161976ED485ABC5A8DF6DF9A38C |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/repair-tool-changes-complete.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 17174 |
Entropy (8bit): | 2.9129715116732746 |
Encrypted: | false |
SSDEEP: | 24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO |
MD5: | 12E3DAC858061D088023B2BD48E2FA96 |
SHA1: | E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5 |
SHA-256: | 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21 |
SHA-512: | C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01 |
Malicious: | false |
URL: | https://learn.microsoft.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5655 |
Entropy (8bit): | 4.790648170893192 |
Encrypted: | false |
SSDEEP: | 96:ogVOjPWccI3aDNjExAjfWQpL0dpwmWMv7BRevy8RJNjvZPyJ2tlh7RewZUZSeZV1:og2cUaDNjESLWQN0dpwm99qllVR7pUZF |
MD5: | D3383426D3B6D3B34CFE726209647339 |
SHA1: | E656FAA1B2A5235C9E745C534BC7FB10396484D7 |
SHA-256: | 6B7B929D611665A1F5EC015EB590FC70BA1F2C6D0D131F5796A53874C0ADFDE2 |
SHA-512: | F39A67F02165DB08D31B50FDB21667A286C15B774D3E31FA0ED727DA29BFE7C5C50F691367AC19511660BB38EA9B9F3395C27865AF9A1FB3EA8DD90C15004669 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 17174 |
Entropy (8bit): | 2.9129715116732746 |
Encrypted: | false |
SSDEEP: | 24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO |
MD5: | 12E3DAC858061D088023B2BD48E2FA96 |
SHA1: | E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5 |
SHA-256: | 90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21 |
SHA-512: | C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.241202481433726 |
Encrypted: | false |
SSDEEP: | 3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY |
MD5: | 9E576E34B18E986347909C29AE6A82C6 |
SHA1: | 532C767978DC2B55854B3CA2D2DF5B4DB221C934 |
SHA-256: | 88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D |
SHA-512: | 5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 13842 |
Entropy (8bit): | 7.802399161550213 |
Encrypted: | false |
SSDEEP: | 192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk |
MD5: | F6EC97C43480D41695065AD55A97B382 |
SHA1: | D9C3D0895A5ED1A3951B8774B519B8217F0A54C5 |
SHA-256: | 07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68 |
SHA-512: | 22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/install-3-5.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32029 |
Entropy (8bit): | 4.903574747591743 |
Encrypted: | false |
SSDEEP: | 384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZjV8din4ELi:5hOEO8chkMet7pCjBfnWOLi |
MD5: | 178A496645B67ABCE799D62DB8095CAB |
SHA1: | 0C264AFE3DB13E5B00A0E497FB6AB8556EB97939 |
SHA-256: | 70A34968E8715CF14074EA089B66896A9BC10AF79352DB8A40DA83467891F92D |
SHA-512: | EF7CDA8F433A47BABCBB74A57C3B4A20251A6D52E5C9CBEC33B5889A110760719180776BD9C7D7964CF140F950CAB8BC2AD08EAB5FA650FE7744FD9242C67E23 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5655 |
Entropy (8bit): | 4.790648170893192 |
Encrypted: | false |
SSDEEP: | 96:ogVOjPWccI3aDNjExAjfWQpL0dpwmWMv7BRevy8RJNjvZPyJ2tlh7RewZUZSeZV1:og2cUaDNjESLWQN0dpwm99qllVR7pUZF |
MD5: | D3383426D3B6D3B34CFE726209647339 |
SHA1: | E656FAA1B2A5235C9E745C534BC7FB10396484D7 |
SHA-256: | 6B7B929D611665A1F5EC015EB590FC70BA1F2C6D0D131F5796A53874C0ADFDE2 |
SHA-512: | F39A67F02165DB08D31B50FDB21667A286C15B774D3E31FA0ED727DA29BFE7C5C50F691367AC19511660BB38EA9B9F3395C27865AF9A1FB3EA8DD90C15004669 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/content-nav/site-header/site-header.json? |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 35005 |
Entropy (8bit): | 7.980061050467981 |
Encrypted: | false |
SSDEEP: | 768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR |
MD5: | 522037F008E03C9448AE0AAAF09E93CB |
SHA1: | 8A32997EAB79246BEED5A37DB0C92FBFB006BEF2 |
SHA-256: | 983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7 |
SHA-512: | 643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/install/media/application-not-started/app-could-not-be-started.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1478 |
Entropy (8bit): | 5.030941252322257 |
Encrypted: | false |
SSDEEP: | 24:TGAg3Efef6tfTf/fffCfxfdffW4N5f0f8fK8zyRWmmkYRWDKslbzP3LTPv4NUhqI:TK0W6bXnq512ysUbkfKCvUjeGxbu |
MD5: | 020629EBA820F2E09D8CDA1A753C032B |
SHA1: | D91A65036E4C36B07AE3641E32F23F8DD616BD17 |
SHA-256: | F8AE8A1DC7CE7877B9FB9299183D2EBB3BEFAD0B6489AE785D99047EC2EB92D1 |
SHA-512: | EF5A5C7A301DE55D103B1BE375D988970D9C4ECD62CE464F730C49E622128F431761D641E1DFAA32CA03F8280B435AE909486806DF62A538B48337725EB63CE1 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4897 |
Entropy (8bit): | 4.794639101874543 |
Encrypted: | false |
SSDEEP: | 96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzVqrpCvJ4QG63JjJ+do88HxbqP:dgQ+KfZcbhaWjp45qtAdflfDOFnNgBy4 |
MD5: | 84E6C95F0E5378BDA94FA965C4692FAF |
SHA1: | 7C1D6572906509B08F8CD7B7A33EB9F9697EE6D1 |
SHA-256: | 88A4A7B4F1160F8CAD3EB835116C29AC39659D586D4DADC54D9E40AC7E1BC610 |
SHA-512: | D34BFF37F8402B4A1FEE3C26F247A86D72666647A10E83D711A1BED1D24C6FC13674D65DCC037C22811B227FEC34B5DE20442191A42F9D78FC79D55FD5792761 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/content-nav/MSDocsHeader-DotNet.json? |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72 |
Entropy (8bit): | 4.241202481433726 |
Encrypted: | false |
SSDEEP: | 3:YozDD/RNgQJzRWWlKFiFD3e4xCzY:YovtNgmzR/wYFDxkY |
MD5: | 9E576E34B18E986347909C29AE6A82C6 |
SHA1: | 532C767978DC2B55854B3CA2D2DF5B4DB221C934 |
SHA-256: | 88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D |
SHA-512: | 5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1173007 |
Entropy (8bit): | 5.503893944397598 |
Encrypted: | false |
SSDEEP: | 24576:VMga+4IVzOjS1Jho1WXQFjTEr39/jHXzT:VMcVzOjS1Jho1WXQar39/bXzT |
MD5: | 2E00D51C98DBB338E81054F240E1DEB2 |
SHA1: | D33BAC6B041064AE4330DCC2D958EBE4C28EBE58 |
SHA-256: | 300480069078B5892D2363A2B65E2DFBBF30FE5C80F83EDBFECF4610FD093862 |
SHA-512: | B6268D980CE9CB729C82DBA22F04FD592952B2A1AAB43079CA5330C68A86E72B0D232CE4070DB893A5054EE5C68325C92C9F1A33F868D61EBB35129E74FC7EF9 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1729946 |
Entropy (8bit): | 5.506784610641439 |
Encrypted: | false |
SSDEEP: | 24576:BBweqomwDtVnoZlsG3QO/GFGVgTvjC10wCTOWIzE+0RlMVSB1DkCXWEea87ZGxnJ:BiwDbotVSB1DkCXWEe57ZGxnS+Vh2xDg |
MD5: | 95DE4EB9C18E800B4E68761D99845561 |
SHA1: | 8CD61A75D8E9D5A1EB894284850AAB6C1E547D6D |
SHA-256: | 15163779156DA543DEFAAFC12F7C1A850C91411FE7495F03C3BFE0231D5057E3 |
SHA-512: | 86BDE4F52A505FAC4BC49A30C0BDB145D88F568917E8EC89C26CFAA7E7DF85E9744291470E3587312196D93FB6BAA6F75B29D88CB722B7969C284C9A31886DBE |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1154 |
Entropy (8bit): | 4.59126408969148 |
Encrypted: | false |
SSDEEP: | 24:txFRuJpzYeGK+VS6ckNL2091JP/UcHc8oQJ1sUWMLc/jH6GbKqjHJIOHA:JsfcU6ckNL2091Z/U/YsUDM+GhS |
MD5: | 37258A983459AE1C2E4F1E551665F388 |
SHA1: | 603A4E9115E613CC827206CF792C62AEB606C941 |
SHA-256: | 8E34F3807B4BF495D8954E7229681DA8D0DD101DD6DDC2AD7F90CD2983802B44 |
SHA-512: | 184CB63EF510143B0AF013F506411C917D68BB63F2CFA47EA2A42688FD4F55F3B820AF94F87083C24F48AACEE6A692199E185FC5C5CFBED5D70790454EED7F5C |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/media/logos/logo_net.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 32029 |
Entropy (8bit): | 4.903574747591743 |
Encrypted: | false |
SSDEEP: | 384:FnvJOb4OLIch+KCnMet7NPXlJl+HjZjBTRdE0zIwHdZjV8din4ELi:5hOEO8chkMet7pCjBfnWOLi |
MD5: | 178A496645B67ABCE799D62DB8095CAB |
SHA1: | 0C264AFE3DB13E5B00A0E497FB6AB8556EB97939 |
SHA-256: | 70A34968E8715CF14074EA089B66896A9BC10AF79352DB8A40DA83467891F92D |
SHA-512: | EF7CDA8F433A47BABCBB74A57C3B4A20251A6D52E5C9CBEC33B5889A110760719180776BD9C7D7964CF140F950CAB8BC2AD08EAB5FA650FE7744FD9242C67E23 |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/framework/toc.json |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1478 |
Entropy (8bit): | 5.030941252322257 |
Encrypted: | false |
SSDEEP: | 24:TGAg3Efef6tfTf/fffCfxfdffW4N5f0f8fK8zyRWmmkYRWDKslbzP3LTPv4NUhqI:TK0W6bXnq512ysUbkfKCvUjeGxbu |
MD5: | 020629EBA820F2E09D8CDA1A753C032B |
SHA1: | D91A65036E4C36B07AE3641E32F23F8DD616BD17 |
SHA-256: | F8AE8A1DC7CE7877B9FB9299183D2EBB3BEFAD0B6489AE785D99047EC2EB92D1 |
SHA-512: | EF5A5C7A301DE55D103B1BE375D988970D9C4ECD62CE464F730C49E622128F431761D641E1DFAA32CA03F8280B435AE909486806DF62A538B48337725EB63CE1 |
Malicious: | false |
URL: | https://learn.microsoft.com/static/assets/0.4.027605576/global/deprecation.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35005 |
Entropy (8bit): | 7.980061050467981 |
Encrypted: | false |
SSDEEP: | 768:aHBEr/QXnbCgWotMq4AZZivq2/Qu0cEv1FjHBep6U0Z/68R:ahWqbTWiM7ACvdIdldhep4rR |
MD5: | 522037F008E03C9448AE0AAAF09E93CB |
SHA1: | 8A32997EAB79246BEED5A37DB0C92FBFB006BEF2 |
SHA-256: | 983C35607C4FB0B529CA732BE42115D3FCAAC947CEE9C9632F7CACDBDECAF5A7 |
SHA-512: | 643EC613B2E7BDBB2F61E1799C189B0E3392EA5AE10845EB0B1F1542A03569E886F4B54D5B38AF10E78DB49C71357108C94589474B181F6A4573B86CF2D6F0D8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13842 |
Entropy (8bit): | 7.802399161550213 |
Encrypted: | false |
SSDEEP: | 192:NLNf+jBQsDHg7av3EEondO8PuRu2mIYXEIiDm42NpsHFMHfgnJ4K2DVwv:NLt+1jDmY+ndXwjLUpiDwpzfwoDVk |
MD5: | F6EC97C43480D41695065AD55A97B382 |
SHA1: | D9C3D0895A5ED1A3951B8774B519B8217F0A54C5 |
SHA-256: | 07A599FAB1E66BABC430E5FED3029F25FF3F4EA2DD0EC8968FFBA71EF1872F68 |
SHA-512: | 22462763178409D60609761A2AF734F97B35B9A818EC1FD9046AFAB489AAD83CE34896EE8586EFE402EA7739ECF088BC2DB5C1C8E4FB39E6A0FC5B3ADC6B4A9B |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4897 |
Entropy (8bit): | 4.794639101874543 |
Encrypted: | false |
SSDEEP: | 96:A0AIvEQ+KfZcbhaW9dp45qtAdflfDOFnymoLByzVqrpCvJ4QG63JjJ+do88HxbqP:dgQ+KfZcbhaWjp45qtAdflfDOFnNgBy4 |
MD5: | 84E6C95F0E5378BDA94FA965C4692FAF |
SHA1: | 7C1D6572906509B08F8CD7B7A33EB9F9697EE6D1 |
SHA-256: | 88A4A7B4F1160F8CAD3EB835116C29AC39659D586D4DADC54D9E40AC7E1BC610 |
SHA-512: | D34BFF37F8402B4A1FEE3C26F247A86D72666647A10E83D711A1BED1D24C6FC13674D65DCC037C22811B227FEC34B5DE20442191A42F9D78FC79D55FD5792761 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1729946 |
Entropy (8bit): | 5.506784610641439 |
Encrypted: | false |
SSDEEP: | 24576:BBweqomwDtVnoZlsG3QO/GFGVgTvjC10wCTOWIzE+0RlMVSB1DkCXWEea87ZGxnJ:BiwDbotVSB1DkCXWEe57ZGxnS+Vh2xDg |
MD5: | 95DE4EB9C18E800B4E68761D99845561 |
SHA1: | 8CD61A75D8E9D5A1EB894284850AAB6C1E547D6D |
SHA-256: | 15163779156DA543DEFAAFC12F7C1A850C91411FE7495F03C3BFE0231D5057E3 |
SHA-512: | 86BDE4F52A505FAC4BC49A30C0BDB145D88F568917E8EC89C26CFAA7E7DF85E9744291470E3587312196D93FB6BAA6F75B29D88CB722B7969C284C9A31886DBE |
Malicious: | false |
URL: | https://learn.microsoft.com/static/assets/0.4.027605576/scripts/en-us/index-docs.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3130 |
Entropy (8bit): | 4.790069981348324 |
Encrypted: | false |
SSDEEP: | 48:YWuGl640ynAqgDJ9OJWuO6Z3Db8VgK/ni47ttbtlSlA37ERw7II77Aj5M1:Nv0ynAhD3CO5t5lNEYIOEjc |
MD5: | EBA6E81304F2F555E1D2EA3126A18A41 |
SHA1: | 61429C3FE837FD4DD68E7B26678F131F2E00070D |
SHA-256: | F309CCCE17B2B4706E7110F6C76F81761F0A44168D12C358AC4D120776907F81 |
SHA-512: | 3BE0466794E7BDDC8565758DBF5553E89ED0003271F07695F09283F242BB65C1978ED79A38D5E589A99F68C0130E1E4B52576D7CD655EE272EE104BE0378E72E |
Malicious: | false |
URL: | https://learn.microsoft.com/en-us/dotnet/breadcrumb/toc.json |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 18367 |
Entropy (8bit): | 7.7772261735974215 |
Encrypted: | false |
SSDEEP: | 384:4qqZYz7CAda2Qmd6VWWNg9h8XvdkRbdi2nki:1qZYz7Cma2hYNMh8XvdObdi2nX |
MD5: | 240C4CC15D9FD65405BB642AB81BE615 |
SHA1: | 5A66783FE5DD932082F40811AE0769526874BFD3 |
SHA-256: | 030272CE6BA1BECA700EC83FDED9DBDC89296FBDE0633A7F5943EF5831876C07 |
SHA-512: | 267FE31BC25944DD7B6071C2C2C271CCC188AE1F6A0D7E587DCF9198B81598DA6B058D1B413F228DF0CB37C8304329E808089388359651E81B5F3DEC566D0EE0 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.87969851994072 |
TrID: |
|
File name: | LisectAVT_2403002C_142.exe |
File size: | 112'128 bytes |
MD5: | 01da9ea1cc55c02a1755b20a4ec69f05 |
SHA1: | 1e2d88fc38f6afbde00ce873c2325c8d0c327879 |
SHA256: | e10057cbc98b12819a4a3a41f68281398a3f18f0a411019e7f069b31a11395fc |
SHA512: | d005b838b5905ab8f10b7b6e581f976879d518a6c714722a64e0551b25b3a4793d8a696e8ffeb316e0893284886285a28007310c549b795e7bd9900c4439c05b |
SSDEEP: | 1536:LgxOx6baIa9RZj00ljEwzGi1dD8DlgSg2GCq2iW7z:LgxbaIa93jNSi1dCyMGCH |
TLSH: | 61B3084977E42424E4BF56F79871F2004F34B4871642E39E49F259AB1A33AC44F89EEB |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...?|.f................................. ........@.. ....................... ............@................................ |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x41c000 |
Entrypoint Section: | >|u |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66007C3F [Sun Mar 24 19:17:19 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 0000016Ch |
xor eax, eax |
push ebx |
push esi |
push edi |
mov dword ptr [ebp-24h], eax |
mov dword ptr [ebp-10h], eax |
mov dword ptr [ebp-14h], eax |
mov dword ptr [ebp-08h], eax |
mov dword ptr [ebp-0Ch], eax |
mov dword ptr [ebp-20h], eax |
mov dword ptr [ebp-18h], eax |
mov dword ptr [ebp-48h], 47505765h |
mov dword ptr [ebp-44h], 652E4255h |
mov dword ptr [ebp-40h], 00006578h |
mov dword ptr [ebp-3Ch], 00000000h |
call 00007F07C885A4F5h |
pop eax |
add eax, 00000225h |
mov dword ptr [ebp-04h], eax |
mov eax, dword ptr fs:[00000030h] |
mov dword ptr [ebp-28h], eax |
mov eax, dword ptr [ebp-04h] |
mov dword ptr [eax], E904C483h |
mov eax, dword ptr [ebp-04h] |
mov dword ptr [eax+04h], FFFFCC8Dh |
mov eax, dword ptr [ebp-28h] |
mov eax, dword ptr [eax+0Ch] |
mov eax, dword ptr [eax+1Ch] |
mov eax, dword ptr [eax] |
mov eax, dword ptr [eax+08h] |
mov ecx, dword ptr [eax+3Ch] |
mov ecx, dword ptr [ecx+eax+78h] |
add ecx, eax |
mov edi, dword ptr [ecx+1Ch] |
mov ebx, dword ptr [ecx+20h] |
mov esi, dword ptr [ecx+24h] |
mov ecx, dword ptr [ecx+18h] |
add esi, eax |
add edi, eax |
add ebx, eax |
xor edx, edx |
mov dword ptr [ebp-30h], esi |
mov dword ptr [ebp-1Ch], edx |
mov dword ptr [ebp-34h], ecx |
cmp edx, dword ptr [ebp-34h] |
jnc 00007F07C885A63Eh |
movzx ecx, word ptr [esi+edx*2] |
mov edx, dword ptr [ebx+edx*4] |
mov esi, dword ptr [edi+ecx*4] |
add edx, eax |
mov ecx, dword ptr [edx] |
add esi, eax |
cmp ecx, 4D746547h |
jne 00007F07C885A544h |
cmp dword ptr [edx+04h], 6C75646Fh |
jne 00007F07C885A53Bh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18ea8 | 0x53 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1a000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x16f04 | 0x17000 | 32d67fdac305711b4aeb32f409a975b5 | False | 0.3680579144021739 | data | 5.591546860496406 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.reloc | 0x1a000 | 0xc | 0x200 | 02466978873e232bef309f048b95192f | False | 0.041015625 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
>|u | 0x1c000 | 0x6000 | 0x4200 | 973ec8a3a78ff4be698f3b3a8e2ee1b7 | False | 0.7774621212121212 | data | 6.934439630498995 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
2024-07-25T09:47:57.186261+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49726 | 95.101.150.2 | 192.168.2.8 |
2024-07-25T09:47:59.822671+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49737 | 95.101.150.2 | 192.168.2.8 |
2024-07-25T09:47:59.844808+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49737 | 95.101.150.2 | 192.168.2.8 |
2024-07-25T09:48:40.834189+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
2024-07-25T09:47:58.111870+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49726 | 95.101.150.2 | 192.168.2.8 |
2024-07-25T09:47:56.967085+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49726 | 95.101.150.2 | 192.168.2.8 |
2024-07-25T09:48:00.029513+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49737 | 95.101.150.2 | 192.168.2.8 |
2024-07-25T09:48:00.949369+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49737 | 95.101.150.2 | 192.168.2.8 |
2024-07-25T09:47:58.111882+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49726 | 95.101.150.2 | 192.168.2.8 |
2024-07-25T09:47:56.999296+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49726 | 95.101.150.2 | 192.168.2.8 |
2024-07-25T09:48:02.551404+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
2024-07-25T09:48:00.949372+0200 | TCP | 2012510 | ET SHELLCODE UTF-8/16 Encoded Shellcode | 443 | 49737 | 95.101.150.2 | 192.168.2.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 25, 2024 09:47:57.875622988 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:57.875647068 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:57.881849051 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:57.881866932 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:57.881918907 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:57.881927013 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:57.881978035 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:57.999392033 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:57.999463081 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:57.999480963 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:57.999500036 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:57.999527931 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:57.999576092 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.000143051 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.000190973 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.000211000 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.000219107 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.000248909 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.000268936 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.008371115 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.008393049 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.008446932 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.008455038 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.008512974 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.011373997 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.011419058 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.011464119 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.011471033 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.011502981 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.011523962 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.092916012 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.092989922 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.093018055 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.093044996 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.093058109 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.093082905 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.094367027 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.094384909 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.094435930 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.094450951 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.094476938 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.094491959 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.095221996 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.095240116 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.095289946 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.095294952 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.095347881 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.096782923 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.096802950 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.096844912 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.096851110 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.096900940 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.187098026 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.187120914 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.187165022 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.187181950 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.187211990 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.187227964 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.187799931 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.187829018 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.187856913 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.187860966 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.187875986 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:47:58.187890053 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.187916994 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.210180044 CEST | 49732 | 443 | 192.168.2.8 | 13.107.253.45 |
Jul 25, 2024 09:47:58.210205078 CEST | 443 | 49732 | 13.107.253.45 | 192.168.2.8 |
Jul 25, 2024 09:48:01.389157057 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:01.389206886 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:01.389353037 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:01.391098976 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:01.391135931 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.181348085 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.181444883 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.190994024 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.191009998 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.191452026 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.244769096 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.286618948 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.332504988 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.550203085 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.550235033 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.550242901 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.550267935 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.550282001 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.550293922 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.550328970 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.550343037 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.550359964 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.550383091 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.551212072 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.551275015 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.551284075 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.551302910 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.551352024 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.563339949 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.563371897 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:02.563385010 CEST | 49760 | 443 | 192.168.2.8 | 40.68.123.157 |
Jul 25, 2024 09:48:02.563390970 CEST | 443 | 49760 | 40.68.123.157 | 192.168.2.8 |
Jul 25, 2024 09:48:05.580939054 CEST | 443 | 49719 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:48:05.581001043 CEST | 443 | 49719 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:48:05.581054926 CEST | 49719 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:48:05.602459908 CEST | 49719 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:48:05.602483034 CEST | 443 | 49719 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:48:06.046356916 CEST | 49704 | 443 | 192.168.2.8 | 23.206.229.226 |
Jul 25, 2024 09:48:06.051203966 CEST | 443 | 49704 | 23.206.229.226 | 192.168.2.8 |
Jul 25, 2024 09:48:16.259087086 CEST | 60448 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:48:16.265141964 CEST | 53 | 60448 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:48:16.265259981 CEST | 60448 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:48:16.265316963 CEST | 60448 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:48:16.271518946 CEST | 53 | 60448 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:48:16.859018087 CEST | 53 | 60448 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:48:16.863204002 CEST | 60448 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:48:16.870737076 CEST | 53 | 60448 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:48:16.870831966 CEST | 60448 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:48:31.228121996 CEST | 49703 | 80 | 192.168.2.8 | 199.232.214.172 |
Jul 25, 2024 09:48:31.540935040 CEST | 49703 | 80 | 192.168.2.8 | 199.232.214.172 |
Jul 25, 2024 09:48:31.998020887 CEST | 80 | 49703 | 199.232.214.172 | 192.168.2.8 |
Jul 25, 2024 09:48:31.999429941 CEST | 80 | 49703 | 199.232.214.172 | 192.168.2.8 |
Jul 25, 2024 09:48:31.999488115 CEST | 49703 | 80 | 192.168.2.8 | 199.232.214.172 |
Jul 25, 2024 09:48:39.987485886 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:39.987529039 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:39.987618923 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:39.988009930 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:39.988027096 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.613061905 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.613174915 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.614706993 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.614715099 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.615084887 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.616097927 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.660505056 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.827464104 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.827518940 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.827562094 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.827586889 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.827610016 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.827630997 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.827650070 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.833734989 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.833795071 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.833812952 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.833823919 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.833847046 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.833940983 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:40.833987951 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.834042072 CEST | 60450 | 443 | 192.168.2.8 | 20.12.23.50 |
Jul 25, 2024 09:48:40.834059000 CEST | 443 | 60450 | 20.12.23.50 | 192.168.2.8 |
Jul 25, 2024 09:48:54.964273930 CEST | 60453 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:48:54.964359045 CEST | 443 | 60453 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:48:54.964464903 CEST | 60453 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:48:54.964754105 CEST | 60453 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:48:54.964807034 CEST | 443 | 60453 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:48:55.742502928 CEST | 443 | 60453 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:48:55.742855072 CEST | 60453 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:48:55.742902994 CEST | 443 | 60453 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:48:55.743535995 CEST | 443 | 60453 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:48:55.743822098 CEST | 60453 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:48:55.743921041 CEST | 443 | 60453 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:48:55.791043997 CEST | 60453 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:49:05.532162905 CEST | 443 | 60453 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:49:05.532262087 CEST | 443 | 60453 | 172.217.18.4 | 192.168.2.8 |
Jul 25, 2024 09:49:05.532330036 CEST | 60453 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:49:07.230246067 CEST | 60453 | 443 | 192.168.2.8 | 172.217.18.4 |
Jul 25, 2024 09:49:07.230281115 CEST | 443 | 60453 | 172.217.18.4 | 192.168.2.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 25, 2024 09:47:50.809377909 CEST | 53 | 58524 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:47:50.817761898 CEST | 53 | 50605 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:47:51.995273113 CEST | 53 | 65253 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:47:53.788778067 CEST | 50376 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:47:53.788988113 CEST | 64884 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:47:54.903347015 CEST | 51468 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:47:54.903595924 CEST | 60085 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:47:55.010911942 CEST | 53 | 51468 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:47:55.011104107 CEST | 53 | 60085 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:47:55.776076078 CEST | 64359 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:47:55.776192904 CEST | 55595 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:47:56.932029963 CEST | 58561 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:47:56.932161093 CEST | 62558 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:48:01.309175014 CEST | 53 | 53453 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:48:09.176326036 CEST | 53 | 51328 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:48:16.258554935 CEST | 53 | 63875 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:48:30.812012911 CEST | 138 | 138 | 192.168.2.8 | 192.168.2.255 |
Jul 25, 2024 09:48:50.253880978 CEST | 53 | 57414 | 1.1.1.1 | 192.168.2.8 |
Jul 25, 2024 09:48:53.776052952 CEST | 61576 | 53 | 192.168.2.8 | 1.1.1.1 |
Jul 25, 2024 09:48:53.776269913 CEST | 51309 | 53 | 192.168.2.8 | 1.1.1.1 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Jul 25, 2024 09:47:52.137048006 CEST | 192.168.2.8 | 1.1.1.1 | c2e7 | (Port unreachable) | Destination Unreachable |
Jul 25, 2024 09:48:53.795216084 CEST | 192.168.2.8 | 1.1.1.1 | c279 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 25, 2024 09:47:53.788778067 CEST | 192.168.2.8 | 1.1.1.1 | 0x1c6a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 25, 2024 09:47:53.788988113 CEST | 192.168.2.8 | 1.1.1.1 | 0xd7c7 | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 25, 2024 09:47:54.903347015 CEST | 192.168.2.8 | 1.1.1.1 | 0xd4a9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 25, 2024 09:47:54.903595924 CEST | 192.168.2.8 | 1.1.1.1 | 0x81aa | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 25, 2024 09:47:55.776076078 CEST | 192.168.2.8 | 1.1.1.1 | 0xd7ec | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 25, 2024 09:47:55.776192904 CEST | 192.168.2.8 | 1.1.1.1 | 0x34e5 | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 25, 2024 09:47:56.932029963 CEST | 192.168.2.8 | 1.1.1.1 | 0x1af7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 25, 2024 09:47:56.932161093 CEST | 192.168.2.8 | 1.1.1.1 | 0x935d | Standard query (0) | 65 | IN (0x0001) | false | |
Jul 25, 2024 09:48:53.776052952 CEST | 192.168.2.8 | 1.1.1.1 | 0xd539 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Jul 25, 2024 09:48:53.776269913 CEST | 192.168.2.8 | 1.1.1.1 | 0xeb44 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 25, 2024 09:47:53.796262026 CEST | 1.1.1.1 | 192.168.2.8 | 0xd7c7 | No error (0) | mdec.nelreports.net.akamaized.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:53.798755884 CEST | 1.1.1.1 | 192.168.2.8 | 0x1c6a | No error (0) | mdec.nelreports.net.akamaized.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:55.010911942 CEST | 1.1.1.1 | 192.168.2.8 | 0xd4a9 | No error (0) | 172.217.18.4 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:55.011104107 CEST | 1.1.1.1 | 192.168.2.8 | 0x81aa | No error (0) | 65 | IN (0x0001) | false | |||
Jul 25, 2024 09:47:55.784791946 CEST | 1.1.1.1 | 192.168.2.8 | 0xe1b5 | No error (0) | firstparty-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:55.784791946 CEST | 1.1.1.1 | 192.168.2.8 | 0xe1b5 | No error (0) | s-part-0014.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:55.784791946 CEST | 1.1.1.1 | 192.168.2.8 | 0xe1b5 | No error (0) | 13.107.246.42 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:55.784898996 CEST | 1.1.1.1 | 192.168.2.8 | 0xd7ec | No error (0) | aijscdn2.azureedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:55.784898996 CEST | 1.1.1.1 | 192.168.2.8 | 0xd7ec | No error (0) | s-part-0014.t-0009.t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:55.784898996 CEST | 1.1.1.1 | 192.168.2.8 | 0xd7ec | No error (0) | 13.107.246.42 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:55.784941912 CEST | 1.1.1.1 | 192.168.2.8 | 0xd270 | No error (0) | firstparty-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:55.785100937 CEST | 1.1.1.1 | 192.168.2.8 | 0x34e5 | No error (0) | aijscdn2.azureedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.753951073 CEST | 1.1.1.1 | 192.168.2.8 | 0xf6e8 | No error (0) | firstparty-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.753951073 CEST | 1.1.1.1 | 192.168.2.8 | 0xf6e8 | No error (0) | azurefd-t-fb-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.753951073 CEST | 1.1.1.1 | 192.168.2.8 | 0xf6e8 | No error (0) | s-part-0014.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.753951073 CEST | 1.1.1.1 | 192.168.2.8 | 0xf6e8 | No error (0) | 13.107.253.42 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.759603024 CEST | 1.1.1.1 | 192.168.2.8 | 0x4427 | No error (0) | firstparty-azurefd-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.939085007 CEST | 1.1.1.1 | 192.168.2.8 | 0x1af7 | No error (0) | aijscdn2.azureedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.939085007 CEST | 1.1.1.1 | 192.168.2.8 | 0x1af7 | No error (0) | azurefd-t-fb-prod.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.939085007 CEST | 1.1.1.1 | 192.168.2.8 | 0x1af7 | No error (0) | s-part-0017.t-0009.fb-t-msedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.939085007 CEST | 1.1.1.1 | 192.168.2.8 | 0x1af7 | No error (0) | 13.107.253.45 | A (IP address) | IN (0x0001) | false | ||
Jul 25, 2024 09:47:56.940375090 CEST | 1.1.1.1 | 192.168.2.8 | 0x935d | No error (0) | aijscdn2.azureedge.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:48:02.540080070 CEST | 1.1.1.1 | 192.168.2.8 | 0xf567 | No error (0) | c-msn-com-nsatc.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:48:02.542083979 CEST | 1.1.1.1 | 192.168.2.8 | 0x64d6 | No error (0) | c-msn-com-nsatc.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:48:06.044871092 CEST | 1.1.1.1 | 192.168.2.8 | 0x97e7 | No error (0) | c-msn-com-nsatc.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:48:06.044914007 CEST | 1.1.1.1 | 192.168.2.8 | 0x5ddc | No error (0) | c-msn-com-nsatc.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:48:53.783736944 CEST | 1.1.1.1 | 192.168.2.8 | 0xd539 | No error (0) | mdec.nelreports.net.akamaized.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Jul 25, 2024 09:48:53.795115948 CEST | 1.1.1.1 | 192.168.2.8 | 0xeb44 | No error (0) | mdec.nelreports.net.akamaized.net | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49720 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:47:56 UTC | 161 | OUT | |
2024-07-25 07:47:56 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49725 | 13.107.246.42 | 443 | 7900 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:47:56 UTC | 551 | OUT | |
2024-07-25 07:47:56 UTC | 712 | IN | |
2024-07-25 07:47:56 UTC | 15672 | IN | |
2024-07-25 07:47:56 UTC | 711 | IN | |
2024-07-25 07:47:56 UTC | 16383 | IN | |
2024-07-25 07:47:56 UTC | 16383 | IN | |
2024-07-25 07:47:56 UTC | 3568 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49724 | 13.107.246.42 | 443 | 7900 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:47:56 UTC | 549 | OUT | |
2024-07-25 07:47:56 UTC | 958 | IN | |
2024-07-25 07:47:56 UTC | 15426 | IN | |
2024-07-25 07:47:56 UTC | 16384 | IN | |
2024-07-25 07:47:56 UTC | 16384 | IN | |
2024-07-25 07:47:56 UTC | 16384 | IN | |
2024-07-25 07:47:56 UTC | 16384 | IN | |
2024-07-25 07:47:56 UTC | 16384 | IN | |
2024-07-25 07:47:56 UTC | 16384 | IN | |
2024-07-25 07:47:56 UTC | 16384 | IN | |
2024-07-25 07:47:56 UTC | 16384 | IN | |
2024-07-25 07:47:56 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.8 | 49727 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:47:57 UTC | 239 | OUT | |
2024-07-25 07:47:57 UTC | 514 | IN | |
2024-07-25 07:47:57 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.8 | 49730 | 13.107.253.42 | 443 | 7900 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:47:57 UTC | 373 | OUT | |
2024-07-25 07:47:57 UTC | 712 | IN | |
2024-07-25 07:47:57 UTC | 16383 | IN | |
2024-07-25 07:47:57 UTC | 16383 | IN | |
2024-07-25 07:47:57 UTC | 16383 | IN | |
2024-07-25 07:47:57 UTC | 3568 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.8 | 49732 | 13.107.253.45 | 443 | 7900 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:47:57 UTC | 370 | OUT | |
2024-07-25 07:47:57 UTC | 958 | IN | |
2024-07-25 07:47:57 UTC | 15426 | IN | |
2024-07-25 07:47:57 UTC | 16384 | IN | |
2024-07-25 07:47:57 UTC | 16384 | IN | |
2024-07-25 07:47:57 UTC | 16384 | IN | |
2024-07-25 07:47:57 UTC | 16384 | IN | |
2024-07-25 07:47:58 UTC | 16384 | IN | |
2024-07-25 07:47:58 UTC | 16384 | IN | |
2024-07-25 07:47:58 UTC | 16384 | IN | |
2024-07-25 07:47:58 UTC | 16384 | IN | |
2024-07-25 07:47:58 UTC | 16384 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.8 | 49760 | 40.68.123.157 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:48:02 UTC | 306 | OUT | |
2024-07-25 07:48:02 UTC | 560 | IN | |
2024-07-25 07:48:02 UTC | 15824 | IN | |
2024-07-25 07:48:02 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.8 | 60450 | 20.12.23.50 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-25 07:48:40 UTC | 306 | OUT | |
2024-07-25 07:48:40 UTC | 560 | IN | |
2024-07-25 07:48:40 UTC | 15824 | IN | |
2024-07-25 07:48:40 UTC | 14181 | IN |
Target ID: | 0 |
Start time: | 03:47:41 |
Start date: | 25/07/2024 |
Path: | C:\Users\user\Desktop\LisectAVT_2403002C_142.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 112'128 bytes |
MD5 hash: | 01DA9EA1CC55C02A1755B20A4EC69F05 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:47:47 |
Start date: | 25/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 03:47:48 |
Start date: | 25/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 6 |
Start time: | 03:47:57 |
Start date: | 25/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 03:47:58 |
Start date: | 25/07/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |