Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 1492 cmdline:
"C:\Users\ user\Deskt op\file.ex e" MD5: E0B2866C4C2494645E94B5EF38B9ACB8) - taskkill.exe (PID: 3796 cmdline:
taskkill / F /IM fire fox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 6684 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - taskkill.exe (PID: 5344 cmdline:
taskkill / F /IM chro me.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 6392 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - taskkill.exe (PID: 4780 cmdline:
taskkill / F /IM msed ge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 6208 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - taskkill.exe (PID: 3544 cmdline:
taskkill / F /IM oper a.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 6600 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - taskkill.exe (PID: 3816 cmdline:
taskkill / F /IM brav e.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 6484 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - firefox.exe (PID: 2848 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" --k iosk "http s://youtub e.com/acco unt?=https ://account s.google.c om/v3/sign in/challen ge/pwd" -- no-default -browser-c heck --dis able-popup -blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
- firefox.exe (PID: 5260 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" --k iosk https ://youtube .com/accou nt?=https: //accounts .google.co m/v3/signi n/challeng e/pwd --no -default-b rowser-che ck --disab le-popup-b locking -- attempting -deelevati on MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) - firefox.exe (PID: 6916 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" --k iosk https ://youtube .com/accou nt?=https: //accounts .google.co m/v3/signi n/challeng e/pwd --no -default-b rowser-che ck --disab le-popup-b locking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) - firefox.exe (PID: 5112 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -co ntentproc --channel= 2284 -pare ntBuildID 2023092723 2528 -pref sHandle 22 32 -prefMa pHandle 22 28 -prefsL en 25250 - prefMapSiz e 238690 - win32kLock edDown -ap pDir "C:\P rogram Fil es\Mozilla Firefox\b rowser" - {4d3b9a08- 6fb8-422b- b765-a43db 8b920aa} 6 916 "\\.\p ipe\gecko- crash-serv er-pipe.69 16" 2c215b 6ef10 sock et MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) - firefox.exe (PID: 7588 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -co ntentproc --channel= 3816 -pare ntBuildID 2023092723 2528 -pref sHandle 37 88 -prefMa pHandle 38 96 -prefsL en 26265 - prefMapSiz e 238690 - appDir "C: \Program F iles\Mozil la Firefox \browser" - {1235fb2 f-2ad4-4d0 b-85b2-34b 26d7e737e} 6916 "\\. \pipe\geck o-crash-se rver-pipe. 6916" 2c22 81e5310 rd d MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) - firefox.exe (PID: 1600 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -co ntentproc --channel= 5080 -pare ntBuildID 2023092723 2528 -sand boxingKind 0 -prefsH andle 5072 -prefMapH andle 5052 -prefsLen 33093 -pr efMapSize 238690 -wi n32kLocked Down -appD ir "C:\Pro gram Files \Mozilla F irefox\bro wser" - {f fc7800e-51 e3-45ac-bc dd-0eb239f 79988} 691 6 "\\.\pip e\gecko-cr ash-server -pipe.6916 " 2c22e35c f10 utilit y MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_0088DBBE | |
Source: | Code function: | 0_2_0085C2A2 | |
Source: | Code function: | 0_2_008968EE | |
Source: | Code function: | 0_2_0089698F | |
Source: | Code function: | 0_2_0088D076 | |
Source: | Code function: | 0_2_0088D3A9 | |
Source: | Code function: | 0_2_00899642 | |
Source: | Code function: | 0_2_0089979D | |
Source: | Code function: | 0_2_00899B2B | |
Source: | Code function: | 0_2_00895C97 |
Source: | Memory has grown: |
Source: | Network traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_0089CE44 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_0089EAFF |
Source: | Code function: | 0_2_0089ED6A |
Source: | Code function: | 0_2_0089EAFF |
Source: | Code function: | 0_2_0088AA57 |
Source: | Code function: | 0_2_008B9576 |
System Summary |
---|
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_30188723-9 | |
Source: | String found in binary or memory: | memstr_73b3262e-8 | |
Source: | String found in binary or memory: | memstr_b47f044f-7 | |
Source: | String found in binary or memory: | memstr_5f13e983-f |
Source: | Code function: | 18_2_000001D32A1DAEF2 | |
Source: | Code function: | 18_2_000001D32A1D24B7 |
Source: | Code function: | 0_2_0088D5EB |
Source: | Code function: | 0_2_00881201 |
Source: | Code function: | 0_2_0088E8F6 |
Source: | Code function: | 0_2_00892046 | |
Source: | Code function: | 0_2_00828060 | |
Source: | Code function: | 0_2_00888298 | |
Source: | Code function: | 0_2_0085E4FF | |
Source: | Code function: | 0_2_0085676B | |
Source: | Code function: | 0_2_008B4873 | |
Source: | Code function: | 0_2_0084CAA0 | |
Source: | Code function: | 0_2_0082CAF0 | |
Source: | Code function: | 0_2_0083CC39 | |
Source: | Code function: | 0_2_00856DD9 | |
Source: | Code function: | 0_2_008291C0 | |
Source: | Code function: | 0_2_0083B119 | |
Source: | Code function: | 0_2_00841394 | |
Source: | Code function: | 0_2_0084781B | |
Source: | Code function: | 0_2_00827920 | |
Source: | Code function: | 0_2_0083997D | |
Source: | Code function: | 0_2_00847A4A | |
Source: | Code function: | 0_2_00847CA7 | |
Source: | Code function: | 0_2_00859EEE | |
Source: | Code function: | 0_2_008ABE44 | |
Source: | Code function: | 18_2_000001D32A1DAEF2 | |
Source: | Code function: | 18_2_000001D32A1DAF32 | |
Source: | Code function: | 18_2_000001D32A1DB61C | |
Source: | Code function: | 18_2_000001D32A1D24B7 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_008937B5 |
Source: | Code function: | 0_2_008810BF | |
Source: | Code function: | 0_2_008816C3 |
Source: | Code function: | 0_2_008951CD |
Source: | Code function: | 0_2_0088D4DC |
Source: | Code function: | 0_2_0089648E |
Source: | Code function: | 0_2_008242A2 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Window detected: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_008242DE |
Source: | Static PE information: |
Source: | Code function: | 0_2_00840A89 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Code function: | 0_2_0083F98E | |
Source: | Code function: | 0_2_008B1C41 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-96053 |
Source: | Code function: | 18_2_000001D32A1DAEF2 |
Source: | API coverage: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 0_2_0088DBBE | |
Source: | Code function: | 0_2_0085C2A2 | |
Source: | Code function: | 0_2_008968EE | |
Source: | Code function: | 0_2_0089698F | |
Source: | Code function: | 0_2_0088D076 | |
Source: | Code function: | 0_2_0088D3A9 | |
Source: | Code function: | 0_2_00899642 | |
Source: | Code function: | 0_2_0089979D | |
Source: | Code function: | 0_2_00899B2B | |
Source: | Code function: | 0_2_00895C97 |
Source: | Code function: | 0_2_008242DE |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 18_2_000001D32A1DAEF2 |
Source: | Code function: | 0_2_0089EAA2 |
Source: | Code function: | 0_2_00852622 |
Source: | Code function: | 0_2_008242DE |
Source: | Code function: | 0_2_00844CE8 |
Source: | Code function: | 0_2_00880B62 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_00852622 | |
Source: | Code function: | 0_2_0084083F | |
Source: | Code function: | 0_2_008409D5 | |
Source: | Code function: | 0_2_00840C21 |
Source: | Code function: | 0_2_00881201 |
Source: | Code function: | 0_2_00862BA5 |
Source: | Code function: | 0_2_0088B226 |
Source: | Code function: | 0_2_008A22DA |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00880B62 |
Source: | Code function: | 0_2_00881663 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00840698 |
Source: | Code function: | 0_2_00898195 |
Source: | Code function: | 0_2_0087D27A |
Source: | Code function: | 0_2_0085B952 |
Source: | Code function: | 0_2_008242DE |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | Code function: | 0_2_008A1204 | |
Source: | Code function: | 0_2_008A1806 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | ReversingLabs | Win32.Trojan.AutoitInject | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
example.org | 93.184.215.14 | true | false | high | |
star-mini.c10r.facebook.com | 157.240.253.35 | true | false | high | |
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | high | |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | high | |
twitter.com | 104.244.42.193 | true | false | high | |
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | high | |
services.addons.mozilla.org | 151.101.1.91 | true | false | high | |
dyna.wikimedia.org | 185.15.59.224 | true | false | high | |
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | high | |
contile.services.mozilla.com | 34.117.188.166 | true | false | high | |
youtube.com | 142.250.186.142 | true | false | high | |
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | high | |
dualstack.reddit.map.fastly.net | 151.101.129.140 | true | false | high | |
youtube-ui.l.google.com | 142.250.186.46 | true | false | high | |
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | high | |
ipv4only.arpa | 192.0.0.170 | true | false | high | |
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | high | |
push.services.mozilla.com | 34.107.243.93 | true | false | high | |
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | high | |
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | high | |
www.reddit.com | unknown | unknown | false | high | |
spocs.getpocket.com | unknown | unknown | false | high | |
content-signature-2.cdn.mozilla.net | unknown | unknown | false | high | |
support.mozilla.org | unknown | unknown | false | high | |
firefox.settings.services.mozilla.com | unknown | unknown | false | high | |
www.youtube.com | unknown | unknown | false | high | |
www.facebook.com | unknown | unknown | false | high | |
detectportal.firefox.com | unknown | unknown | false | high | |
normandy.cdn.mozilla.net | unknown | unknown | false | high | |
shavar.services.mozilla.com | unknown | unknown | false | high | |
www.wikipedia.org | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
151.101.1.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false | |
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false | |
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false | |
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false | |
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false | |
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false | |
142.250.65.238 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.186.142 | youtube.com | United States | 15169 | GOOGLEUS | false | |
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false | |
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false | |
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false | |
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1559391 |
Start date and time: | 2024-11-20 13:26:06 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal72.troj.evad.winEXE@34/34@66/13 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.12.64.98, 35.80.238.59, 35.164.125.63, 216.58.206.78, 2.22.61.56, 2.22.61.59, 172.217.18.10, 172.217.16.202
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, detectportal.prod.mozaws.net, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtOpenFile calls found.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
07:27:23 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
34.117.188.166 | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse | |||
151.101.1.91 | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
34.149.100.209 | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
example.org | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
twitter.com | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
star-mini.c10r.facebook.com | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
FASTLYUS | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Ramnit | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | HTMLPhisher, EvilProxy | Browse |
| ||
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
ATGS-MMD-ASUS | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fb0aa01abe9d8e4037eb3473ca6e2dca | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse |
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_bfe45395-b515-419c-b8d8-e559f2e6fb96.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7946 |
Entropy (8bit): | 5.173462921549669 |
Encrypted: | false |
SSDEEP: | 192:IsBMX3D0cbhbVbTbfbRbObtbyEl7nsNfJA6unSrDtTkdxSofCI:tiYcNhnzFSJMNG1nSrDhkdx2I |
MD5: | 57EF0C9848287159BBEB0788189136DA |
SHA1: | 0C88F379EB519E71B835D075CA0A88D57DCF4F28 |
SHA-256: | 5A122FA0AB02302DAE338125D4BFABCE8AD8D3F1F2325DF9947E10B1CBE0C14A |
SHA-512: | 28A7C0883544DF52EBEA9AC17AD9C3A90AB75B6E1E847F495B6C3722A70F9D57E8B523A3F32FA1349B078BDED8C0BB1C5D9E914259C5E1F8981A4B8A5447C194 |
Malicious: | false |
Preview: |
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_bfe45395-b515-419c-b8d8-e559f2e6fb96.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7946 |
Entropy (8bit): | 5.173462921549669 |
Encrypted: | false |
SSDEEP: | 192:IsBMX3D0cbhbVbTbfbRbObtbyEl7nsNfJA6unSrDtTkdxSofCI:tiYcNhnzFSJMNG1nSrDhkdx2I |
MD5: | 57EF0C9848287159BBEB0788189136DA |
SHA1: | 0C88F379EB519E71B835D075CA0A88D57DCF4F28 |
SHA-256: | 5A122FA0AB02302DAE338125D4BFABCE8AD8D3F1F2325DF9947E10B1CBE0C14A |
SHA-512: | 28A7C0883544DF52EBEA9AC17AD9C3A90AB75B6E1E847F495B6C3722A70F9D57E8B523A3F32FA1349B078BDED8C0BB1C5D9E914259C5E1F8981A4B8A5447C194 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.4593089050301797 |
Encrypted: | false |
SSDEEP: | 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L |
MD5: | D910AD167F0217587501FDCDB33CC544 |
SHA1: | 2F57441CEFDC781011B53C1C5D29AC54835AFC1D |
SHA-256: | E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81 |
SHA-512: | F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 453023 |
Entropy (8bit): | 7.997718157581587 |
Encrypted: | true |
SSDEEP: | 12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3 |
MD5: | 85430BAED3398695717B0263807CF97C |
SHA1: | FFFBEE923CEA216F50FCE5D54219A188A5100F41 |
SHA-256: | A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E |
SHA-512: | 06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4419 |
Entropy (8bit): | 4.930931325656252 |
Encrypted: | false |
SSDEEP: | 96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLq+Y38P:gXiNFS+OcUGOdwiOdwBjkYLq+Y38P |
MD5: | 255F1F712856321E87F71BC7AB207AEB |
SHA1: | 46E535ABF31F0DFACD726084FA7A0601F2FE2F3F |
SHA-256: | B02033D460FBA6241207F04ADE664FC874DC57C0857C5213029F19F61C19AE7C |
SHA-512: | 2E7CF1544C9B3F01FDF7D77C89B2254DD6D3D730FCFDFB48F6913BFC34077D495BF7335B40E03FF80FBB0D3C00E9DBFE077507ACE364DDD884AA543EB02789B9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4419 |
Entropy (8bit): | 4.930931325656252 |
Encrypted: | false |
SSDEEP: | 96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLq+Y38P:gXiNFS+OcUGOdwiOdwBjkYLq+Y38P |
MD5: | 255F1F712856321E87F71BC7AB207AEB |
SHA1: | 46E535ABF31F0DFACD726084FA7A0601F2FE2F3F |
SHA-256: | B02033D460FBA6241207F04ADE664FC874DC57C0857C5213029F19F61C19AE7C |
SHA-512: | 2E7CF1544C9B3F01FDF7D77C89B2254DD6D3D730FCFDFB48F6913BFC34077D495BF7335B40E03FF80FBB0D3C00E9DBFE077507ACE364DDD884AA543EB02789B9 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4 (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5308 |
Entropy (8bit): | 6.599374203470186 |
Encrypted: | false |
SSDEEP: | 96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm |
MD5: | EB56C2F4DA9435F3D5574161F414CD17 |
SHA1: | 74A8FC3EC0559740FD9D835B638354985E2DEAB6 |
SHA-256: | 394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966 |
SHA-512: | DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5308 |
Entropy (8bit): | 6.599374203470186 |
Encrypted: | false |
SSDEEP: | 96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm |
MD5: | EB56C2F4DA9435F3D5574161F414CD17 |
SHA1: | 74A8FC3EC0559740FD9D835B638354985E2DEAB6 |
SHA-256: | 394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966 |
SHA-512: | DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.91829583405449 |
Encrypted: | false |
SSDEEP: | 3:YWGifTJE6iHQ:YWGif9EE |
MD5: | 3088F0272D29FAA42ED452C5E8120B08 |
SHA1: | C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23 |
SHA-256: | D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06 |
SHA-512: | B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.91829583405449 |
Encrypted: | false |
SSDEEP: | 3:YWGifTJE6iHQ:YWGif9EE |
MD5: | 3088F0272D29FAA42ED452C5E8120B08 |
SHA1: | C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23 |
SHA-256: | D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06 |
SHA-512: | B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 262144 |
Entropy (8bit): | 0.04905141882491872 |
Encrypted: | false |
SSDEEP: | 24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5 |
MD5: | 8736A542C5564A922C47B19D9CC5E0F2 |
SHA1: | CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A |
SHA-256: | 97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077 |
SHA-512: | 99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\store.json.mozlz4 (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 4.837595020998689 |
Encrypted: | false |
SSDEEP: | 3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt |
MD5: | A6338865EB252D0EF8FCF11FA9AF3F0D |
SHA1: | CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3 |
SHA-256: | 078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965 |
SHA-512: | D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\store.json.mozlz4.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 4.837595020998689 |
Encrypted: | false |
SSDEEP: | 3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt |
MD5: | A6338865EB252D0EF8FCF11FA9AF3F0D |
SHA1: | CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3 |
SHA-256: | 078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965 |
SHA-512: | D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36830 |
Entropy (8bit): | 5.185052013683835 |
Encrypted: | false |
SSDEEP: | 768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3 |
MD5: | 10E2D85FEF0DB266E519048D63617FA8 |
SHA1: | EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0 |
SHA-256: | 92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E |
SHA-512: | 164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36830 |
Entropy (8bit): | 5.185052013683835 |
Encrypted: | false |
SSDEEP: | 768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3 |
MD5: | 10E2D85FEF0DB266E519048D63617FA8 |
SHA1: | EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0 |
SHA-256: | 92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E |
SHA-512: | 164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-shm
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.017262956703125623 |
Encrypted: | false |
SSDEEP: | 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX |
MD5: | B7C14EC6110FA820CA6B65F5AEC85911 |
SHA1: | 608EEB7488042453C9CA40F7E1398FC1A270F3F4 |
SHA-256: | FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB |
SHA-512: | D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1021904 |
Entropy (8bit): | 6.648417932394748 |
Encrypted: | false |
SSDEEP: | 12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x |
MD5: | FE3355639648C417E8307C6D051E3E37 |
SHA1: | F54602D4B4778DA21BC97C7238FC66AA68C8EE34 |
SHA-256: | 1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E |
SHA-512: | 8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1021904 |
Entropy (8bit): | 6.648417932394748 |
Encrypted: | false |
SSDEEP: | 12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x |
MD5: | FE3355639648C417E8307C6D051E3E37 |
SHA1: | F54602D4B4778DA21BC97C7238FC66AA68C8EE34 |
SHA-256: | 1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E |
SHA-512: | 8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C |
Malicious: | false |
Antivirus: |
|
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 116 |
Entropy (8bit): | 4.968220104601006 |
Encrypted: | false |
SSDEEP: | 3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn |
MD5: | 3D33CDC0B3D281E67DD52E14435DD04F |
SHA1: | 4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB |
SHA-256: | F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B |
SHA-512: | A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 116 |
Entropy (8bit): | 4.968220104601006 |
Encrypted: | false |
SSDEEP: | 3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn |
MD5: | 3D33CDC0B3D281E67DD52E14435DD04F |
SHA1: | 4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB |
SHA-256: | F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B |
SHA-512: | A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 0.0733117092728705 |
Encrypted: | false |
SSDEEP: | 12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiVgv:DLhesh7Owd4+ji |
MD5: | C8A1B1A297ADE8DC2C415DBB8427C146 |
SHA1: | 98D554FA66C7A74A3E63DE0BB1808E66033765DA |
SHA-256: | 2487F1809534E57C7B825CB38BC3189C28C0AC52673C7F4AB01ABD7F8DDE298C |
SHA-512: | C9F32E94FB54C46B8CF1E1DA38322CD26A16CDF1A74BFA9AF25279B9D00A5DE0F1445A1AF37C888D799A47CCD68AEFD97AE585B2460AFE3AD5EBC7D1E288CFD6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.035287661275580785 |
Encrypted: | false |
SSDEEP: | 3:GtlstFd/vLILCKRbBIPlstFd/vLILCKRbLlllJ89//alEl:GtWt05Rb+PWt05Rb389XuM |
MD5: | A74FF2C998350F265084BE05A07EF84C |
SHA1: | D84D05B143FAE2E833982D02A8F15596C9B14098 |
SHA-256: | 675099660D8EA3D225EDD5BD97F24E9509830F53CD979179905B487E69BD1CCC |
SHA-512: | 492E5286A51103C68923D39039750710959D359024120B5FA313DE2567FB57DDF956BCCEF7350D4E11A339BE0E2EDE652677192379FFAF427A956C922FE6ADC3 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32824 |
Entropy (8bit): | 0.034843271510462306 |
Encrypted: | false |
SSDEEP: | 3:Ol1owCfZ3l2NVLCPO5T6a5SrV//mwl8XW3R2:KavJgHqFJpuw93w |
MD5: | BC190FBEE69B00AB620151FF3132F518 |
SHA1: | 43A9B79DAE68CC6E17EBB2D3EBB0B54C08DFFF6A |
SHA-256: | 9EDE26D0D789F3D79884AAA474A58E975D2596B1AB7EF4148C3240C6D8B2046E |
SHA-512: | 11145BBB82ECC66FD32F0D6AF6C9EAB4771249D1407E45F00EC816718097733EFCD51C05056A3A9FC1A1AC25DD089D9F5E937E7971D8EEEF132CEC74E5442EA4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs-1.js
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14081 |
Entropy (8bit): | 5.465330958049721 |
Encrypted: | false |
SSDEEP: | 192:OnTFTRRUYbBp6aLZNMGaX16qU4t4zy+/3/7qWgS5RYiNBw8d5Sl:UKe7FNMAOgyCq0dwi0 |
MD5: | AE793BE9ACBB4AA920F7ABB4F361CE8C |
SHA1: | 9011375EECF54787E0861059C0D1A22955298975 |
SHA-256: | 00F36D99457AA6F4E367FB9ACBA8EE95DA8D4A9173E966DB8623879E1CAB280E |
SHA-512: | 91B6C16E0B8EB9B4C7A2FACDCE29F0AAE8F78B80BC9F9FC68601C9E559ADC15E60FCF0AE17D7347644BAF9905FBEC02BF91B0DDD3024B981B049A8A1F688CFE2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14081 |
Entropy (8bit): | 5.465330958049721 |
Encrypted: | false |
SSDEEP: | 192:OnTFTRRUYbBp6aLZNMGaX16qU4t4zy+/3/7qWgS5RYiNBw8d5Sl:UKe7FNMAOgyCq0dwi0 |
MD5: | AE793BE9ACBB4AA920F7ABB4F361CE8C |
SHA1: | 9011375EECF54787E0861059C0D1A22955298975 |
SHA-256: | 00F36D99457AA6F4E367FB9ACBA8EE95DA8D4A9173E966DB8623879E1CAB280E |
SHA-512: | 91B6C16E0B8EB9B4C7A2FACDCE29F0AAE8F78B80BC9F9FC68601C9E559ADC15E60FCF0AE17D7347644BAF9905FBEC02BF91B0DDD3024B981B049A8A1F688CFE2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.04062825861060003 |
Encrypted: | false |
SSDEEP: | 3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l |
MD5: | 60C09456D6362C6FBED48C69AA342C3C |
SHA1: | 58B6E22DAA48C75958B429F662DEC1C011AE74D3 |
SHA-256: | FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389 |
SHA-512: | 936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 90 |
Entropy (8bit): | 4.194538242412464 |
Encrypted: | false |
SSDEEP: | 3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr |
MD5: | C4AB2EE59CA41B6D6A6EA911F35BDC00 |
SHA1: | 5942CD6505FC8A9DABA403B082067E1CDEFDFBC4 |
SHA-256: | 00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2 |
SHA-512: | 71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 90 |
Entropy (8bit): | 4.194538242412464 |
Encrypted: | false |
SSDEEP: | 3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr |
MD5: | C4AB2EE59CA41B6D6A6EA911F35BDC00 |
SHA1: | 5942CD6505FC8A9DABA403B082067E1CDEFDFBC4 |
SHA-256: | 00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2 |
SHA-512: | 71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\recovery.baklz4 (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1572 |
Entropy (8bit): | 6.341107327120134 |
Encrypted: | false |
SSDEEP: | 24:v+USUGlcAxSnMLXnIgk/pnxQwRlszT5sKL0a3eHVvwKXT8GamhujJmyOOxmOm8i/:GUpOx0MEnR6d3eNwCT8G4JNgovRh4 |
MD5: | BB9F6A7C1E399670B05DA91E4BDC6259 |
SHA1: | 09D41A9F45CC8D134668FC231BF16A91E6861F31 |
SHA-256: | B245858948E4A5AC2BB7FDE3FFF54AB46F37EBB9C89E1B37699ED17901B20E85 |
SHA-512: | DFE10F4243360B9D3A49C4F3382D48FC714CD05D93C698D5C7E4EE531826E8847ADB2BE45059208F18F432280C2678C7DCD8C46ED634A2F7AC66802E09FE3B3E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\recovery.jsonlz4 (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1572 |
Entropy (8bit): | 6.341107327120134 |
Encrypted: | false |
SSDEEP: | 24:v+USUGlcAxSnMLXnIgk/pnxQwRlszT5sKL0a3eHVvwKXT8GamhujJmyOOxmOm8i/:GUpOx0MEnR6d3eNwCT8G4JNgovRh4 |
MD5: | BB9F6A7C1E399670B05DA91E4BDC6259 |
SHA1: | 09D41A9F45CC8D134668FC231BF16A91E6861F31 |
SHA-256: | B245858948E4A5AC2BB7FDE3FFF54AB46F37EBB9C89E1B37699ED17901B20E85 |
SHA-512: | DFE10F4243360B9D3A49C4F3382D48FC714CD05D93C698D5C7E4EE531826E8847ADB2BE45059208F18F432280C2678C7DCD8C46ED634A2F7AC66802E09FE3B3E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\recovery.jsonlz4.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1572 |
Entropy (8bit): | 6.341107327120134 |
Encrypted: | false |
SSDEEP: | 24:v+USUGlcAxSnMLXnIgk/pnxQwRlszT5sKL0a3eHVvwKXT8GamhujJmyOOxmOm8i/:GUpOx0MEnR6d3eNwCT8G4JNgovRh4 |
MD5: | BB9F6A7C1E399670B05DA91E4BDC6259 |
SHA1: | 09D41A9F45CC8D134668FC231BF16A91E6861F31 |
SHA-256: | B245858948E4A5AC2BB7FDE3FFF54AB46F37EBB9C89E1B37699ED17901B20E85 |
SHA-512: | DFE10F4243360B9D3A49C4F3382D48FC714CD05D93C698D5C7E4EE531826E8847ADB2BE45059208F18F432280C2678C7DCD8C46ED634A2F7AC66802E09FE3B3E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 2.042811512334329 |
Encrypted: | false |
SSDEEP: | 24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl |
MD5: | 21235938025E2102017AC8C9748948A4 |
SHA1: | A1EED1C4588724A8396C95FC9923C0A33B360FF8 |
SHA-256: | E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E |
SHA-512: | D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4411 |
Entropy (8bit): | 5.009135798231767 |
Encrypted: | false |
SSDEEP: | 48:YrSAYlIHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJF4:yclICTEr5NfJzzcBvbw6Kkvrc2Rn27 |
MD5: | 1AD3213C8C48C6EFE92CC5D78024652E |
SHA1: | 7DDADF3114BC86B556D2BF78C81F0AADFBD4818F |
SHA-256: | 5A8FC5F139D49A703F47989B052A56442791EBB6B22F96AF59AF73EF335A4F72 |
SHA-512: | 3D71D696F3C4A944CD5ECC48C83C7011841DA92E9E934D5376692E10BDDC5868AE85BBC0FD57CE7FF17EC84C25920FF1D235C4E9FEDBEE187C9736C1C0658DB4 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4411 |
Entropy (8bit): | 5.009135798231767 |
Encrypted: | false |
SSDEEP: | 48:YrSAYlIHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJF4:yclICTEr5NfJzzcBvbw6Kkvrc2Rn27 |
MD5: | 1AD3213C8C48C6EFE92CC5D78024652E |
SHA1: | 7DDADF3114BC86B556D2BF78C81F0AADFBD4818F |
SHA-256: | 5A8FC5F139D49A703F47989B052A56442791EBB6B22F96AF59AF73EF335A4F72 |
SHA-512: | 3D71D696F3C4A944CD5ECC48C83C7011841DA92E9E934D5376692E10BDDC5868AE85BBC0FD57CE7FF17EC84C25920FF1D235C4E9FEDBEE187C9736C1C0658DB4 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.591278096051155 |
TrID: |
|
File name: | file.exe |
File size: | 922'112 bytes |
MD5: | e0b2866c4c2494645e94b5ef38b9acb8 |
SHA1: | 8d02c7748efffea787b8727fcc4a8b9545fa02ce |
SHA256: | ec37f3c2bc73ce7470c4a6619f4fe4ff973e835156cc466f8d9de64cf233661d |
SHA512: | 436b02c2a81107012408c130523f42b9d0ebc5977bee8f606c34511fd34f1dbfe7ec4c28e7222952d15f2eab1f05df790b48ed235dc75138eb311d0a68ebed65 |
SSDEEP: | 12288:zqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgavTB:zqDEvCTbMWu7rQYlBQcBiT6rprG8aLB |
TLSH: | 7A159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13A81D79BE701B1563E7A3 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | aaf3e3e3938382a0 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x673DD34E [Wed Nov 20 12:17:18 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Instruction |
---|
call 00007FA8D8DCD763h |
jmp 00007FA8D8DCD06Fh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007FA8D8DCD24Dh |
mov dword ptr [esi], 0049FDF0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FDF8h |
mov dword ptr [ecx], 0049FDF0h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007FA8D8DCD21Ah |
mov dword ptr [esi], 0049FE0Ch |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FE14h |
mov dword ptr [ecx], 0049FE0Ch |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
and dword ptr [eax], 00000000h |
and dword ptr [eax+04h], 00000000h |
push eax |
mov eax, dword ptr [ebp+08h] |
add eax, 04h |
push eax |
call 00007FA8D8DCFE0Dh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 0049FDD0h |
push eax |
call 00007FA8D8DCFE58h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
push eax |
call 00007FA8D8DCFE41h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xa774 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdf000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0xa774 | 0xa800 | 9a008e791c268e3dc6eadedd9accf16b | False | 0.3674897693452381 | data | 5.611158665733 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xdf000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xdc7b8 | 0x1a3c | data | 1.0016378796902918 | ||
RT_GROUP_ICON | 0xde1f4 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
RT_GROUP_ICON | 0xde26c | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xde280 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0xde294 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0xde2a8 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0xde384 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2024 13:27:13.588239908 CET | 50808 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:13.588282108 CET | 443 | 50808 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:13.588792086 CET | 50809 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:13.588824034 CET | 443 | 50809 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:13.589051008 CET | 50810 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:13.589091063 CET | 443 | 50810 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:13.590204000 CET | 50809 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:13.590207100 CET | 50808 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:13.590306044 CET | 50810 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:13.595822096 CET | 50808 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:13.595856905 CET | 443 | 50808 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:13.597254038 CET | 50809 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:13.597279072 CET | 443 | 50809 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:13.598545074 CET | 50810 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:13.598565102 CET | 443 | 50810 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:13.918948889 CET | 50814 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:13.918972969 CET | 443 | 50814 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:13.928020954 CET | 50814 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:13.929805994 CET | 50814 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:13.929821968 CET | 443 | 50814 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:13.945709944 CET | 50815 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:13.945729971 CET | 443 | 50815 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:13.954596996 CET | 50815 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:13.954737902 CET | 50815 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:13.954749107 CET | 443 | 50815 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:13.956243038 CET | 50816 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:13.956276894 CET | 443 | 50816 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:13.956365108 CET | 50816 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:13.957736969 CET | 50816 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:13.957750082 CET | 443 | 50816 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.081801891 CET | 443 | 50808 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:14.081965923 CET | 50808 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:14.144897938 CET | 50819 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:14.149329901 CET | 50808 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:14.149364948 CET | 443 | 50808 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:14.149465084 CET | 50808 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:14.149673939 CET | 443 | 50808 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:14.152021885 CET | 80 | 50819 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:14.156347990 CET | 50808 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:14.156517029 CET | 50819 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:14.160459995 CET | 50819 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:14.165389061 CET | 80 | 50819 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:14.184434891 CET | 50820 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.184463978 CET | 443 | 50820 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:14.184730053 CET | 50820 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.184906006 CET | 50820 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.184916019 CET | 443 | 50820 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:14.241729021 CET | 443 | 50810 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:14.241849899 CET | 50810 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.242454052 CET | 443 | 50810 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:14.242826939 CET | 50810 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.246670008 CET | 50810 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.246689081 CET | 443 | 50810 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:14.246807098 CET | 50810 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.246890068 CET | 443 | 50810 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:14.246973038 CET | 50810 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.257467985 CET | 443 | 50809 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:14.257548094 CET | 50809 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.258488894 CET | 443 | 50809 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:14.258606911 CET | 50809 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.262326002 CET | 50809 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.262336969 CET | 443 | 50809 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:14.262423992 CET | 50809 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.262589931 CET | 443 | 50809 | 142.250.186.142 | 192.168.2.6 |
Nov 20, 2024 13:27:14.262650967 CET | 50809 | 443 | 192.168.2.6 | 142.250.186.142 |
Nov 20, 2024 13:27:14.415533066 CET | 443 | 50814 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.415549040 CET | 443 | 50814 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.415612936 CET | 50814 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.419766903 CET | 50814 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.419778109 CET | 443 | 50814 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.419891119 CET | 50814 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.420017004 CET | 443 | 50814 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.420072079 CET | 50814 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.420300961 CET | 50821 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.420341969 CET | 443 | 50821 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.420497894 CET | 50821 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.421993971 CET | 50821 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.422015905 CET | 443 | 50821 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.431328058 CET | 443 | 50816 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.431406021 CET | 50816 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.436623096 CET | 50816 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.436630011 CET | 443 | 50816 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.436733961 CET | 50816 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.436914921 CET | 443 | 50816 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.437098980 CET | 50822 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.437131882 CET | 443 | 50822 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.437144041 CET | 50816 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.437212944 CET | 50822 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.438555002 CET | 50822 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:14.438570023 CET | 443 | 50822 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:14.455573082 CET | 443 | 50815 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:14.455589056 CET | 443 | 50815 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:14.455652952 CET | 50815 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:14.458880901 CET | 50815 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:14.458893061 CET | 443 | 50815 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:14.459139109 CET | 443 | 50815 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:14.462167978 CET | 50815 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:14.462259054 CET | 50815 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:14.462325096 CET | 443 | 50815 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:14.462404966 CET | 50815 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:14.630160093 CET | 80 | 50819 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:14.631699085 CET | 50819 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:14.637428045 CET | 80 | 50819 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:14.644875050 CET | 443 | 50820 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:14.646569014 CET | 50819 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:14.646625996 CET | 50820 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.653244972 CET | 50820 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.653259993 CET | 443 | 50820 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:14.653605938 CET | 443 | 50820 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:14.656184912 CET | 50820 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.656317949 CET | 50820 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.656343937 CET | 443 | 50820 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:14.656771898 CET | 50824 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.656812906 CET | 443 | 50824 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:14.662137032 CET | 50820 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.662152052 CET | 50820 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.662200928 CET | 50824 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.662547112 CET | 50824 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:14.662559032 CET | 443 | 50824 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:15.220223904 CET | 443 | 50822 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:15.220340967 CET | 50822 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.220721006 CET | 443 | 50821 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:15.224855900 CET | 50822 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.224868059 CET | 443 | 50822 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:15.224961042 CET | 50822 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.225052118 CET | 443 | 50822 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:15.225158930 CET | 50822 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.225398064 CET | 50821 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.229322910 CET | 50821 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.229335070 CET | 443 | 50821 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:15.229441881 CET | 50821 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.229495049 CET | 443 | 50821 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:15.231142998 CET | 443 | 50824 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:15.232634068 CET | 50821 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.232671976 CET | 50824 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:15.265294075 CET | 50824 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:15.265325069 CET | 443 | 50824 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:15.266218901 CET | 443 | 50824 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:15.267565966 CET | 50824 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:15.267648935 CET | 50824 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:15.267996073 CET | 443 | 50824 | 34.160.144.191 | 192.168.2.6 |
Nov 20, 2024 13:27:15.271533012 CET | 50824 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:15.271550894 CET | 50824 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 20, 2024 13:27:15.434429884 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:15.439361095 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:15.446481943 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:15.446680069 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:15.452316046 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:15.838717937 CET | 50836 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.838740110 CET | 443 | 50836 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:15.871519089 CET | 50836 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.897401094 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:15.926368952 CET | 50836 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:15.926418066 CET | 443 | 50836 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:15.952491045 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:16.411994934 CET | 443 | 50836 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:16.412014961 CET | 443 | 50836 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:16.412096024 CET | 50836 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:16.416960001 CET | 50836 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:16.416966915 CET | 443 | 50836 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:16.417057991 CET | 50836 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:16.417135954 CET | 443 | 50836 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:16.417206049 CET | 50836 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:19.683425903 CET | 50860 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:19.683485031 CET | 443 | 50860 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:19.688503981 CET | 50860 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:19.708233118 CET | 50860 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:19.708256960 CET | 443 | 50860 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:19.716996908 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:19.724534035 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:19.724741936 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:19.724904060 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:19.729865074 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:20.176084042 CET | 443 | 50860 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:20.176194906 CET | 50860 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:20.180283070 CET | 50860 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:20.180299997 CET | 443 | 50860 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:20.180568933 CET | 443 | 50860 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:20.180610895 CET | 50860 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:20.180634975 CET | 443 | 50860 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:20.188436031 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:20.227933884 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:20.395334005 CET | 443 | 50860 | 34.117.188.166 | 192.168.2.6 |
Nov 20, 2024 13:27:20.412550926 CET | 50860 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 20, 2024 13:27:20.827280998 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:20.832288980 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:20.900402069 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:20.905369997 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:20.922697067 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:20.968590975 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:20.998538971 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:21.037642956 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:23.999021053 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:24.004492044 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:24.096065044 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:24.161550999 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:25.395626068 CET | 50907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:25.395674944 CET | 443 | 50907 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:25.395749092 CET | 50907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:25.410500050 CET | 50907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:25.410518885 CET | 443 | 50907 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:25.435535908 CET | 50908 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:25.435570955 CET | 443 | 50908 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:25.437648058 CET | 50908 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:25.439225912 CET | 50908 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:25.439240932 CET | 443 | 50908 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:25.526438951 CET | 50909 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:25.526465893 CET | 443 | 50909 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:25.527750015 CET | 50909 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:25.527858019 CET | 50909 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:25.527865887 CET | 443 | 50909 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:25.882211924 CET | 443 | 50907 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:25.882419109 CET | 50907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:25.888139009 CET | 50907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:25.888155937 CET | 443 | 50907 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:25.888258934 CET | 50907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:25.888333082 CET | 443 | 50907 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:25.888389111 CET | 50907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:25.901329994 CET | 443 | 50908 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:25.901683092 CET | 50908 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:25.906004906 CET | 50908 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:25.906018972 CET | 443 | 50908 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:25.906107903 CET | 50908 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:25.906250954 CET | 443 | 50908 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:25.906307936 CET | 50908 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:25.988308907 CET | 443 | 50909 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:25.988394022 CET | 50909 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:25.991341114 CET | 50909 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:25.991350889 CET | 443 | 50909 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:25.991606951 CET | 443 | 50909 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:25.993582010 CET | 50909 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:25.993686914 CET | 50909 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:25.993742943 CET | 443 | 50909 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:25.993828058 CET | 50909 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:26.303458929 CET | 50914 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:26.303491116 CET | 443 | 50914 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:26.303558111 CET | 50914 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:26.304943085 CET | 50914 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:26.304958105 CET | 443 | 50914 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:26.388684988 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:26.396342993 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:26.401681900 CET | 50915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.401704073 CET | 443 | 50915 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:26.401767969 CET | 50915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.403275013 CET | 50915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.403291941 CET | 443 | 50915 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:26.491965055 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:26.528974056 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:26.536005020 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:26.547032118 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:26.688172102 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:26.732036114 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:26.856411934 CET | 443 | 50914 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:26.856612921 CET | 50914 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:26.861974955 CET | 50914 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:26.861982107 CET | 443 | 50914 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:26.862080097 CET | 50914 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:26.862258911 CET | 443 | 50914 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:26.862315893 CET | 50914 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:26.963258028 CET | 443 | 50915 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:26.963438034 CET | 50915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.968513966 CET | 50915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.968527079 CET | 443 | 50915 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:26.968624115 CET | 50915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.968755960 CET | 443 | 50915 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:26.968816042 CET | 50915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.977252007 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:26.982150078 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:26.987612963 CET | 50920 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.987667084 CET | 443 | 50920 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:26.989619017 CET | 50920 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.989856958 CET | 50920 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:26.989878893 CET | 443 | 50920 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.075684071 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.117640018 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:27.130429029 CET | 50923 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.130482912 CET | 443 | 50923 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.130491018 CET | 50922 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.130558014 CET | 443 | 50922 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.133308887 CET | 50923 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.133367062 CET | 50922 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.134826899 CET | 50923 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.134845972 CET | 443 | 50923 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.134999990 CET | 50922 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.135020971 CET | 443 | 50922 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.238164902 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:27.244461060 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.348987103 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.402894020 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:27.447604895 CET | 443 | 50920 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.447679996 CET | 50920 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.450865984 CET | 50920 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.450880051 CET | 443 | 50920 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.451162100 CET | 443 | 50920 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.452981949 CET | 50920 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.453150988 CET | 50920 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.453181982 CET | 443 | 50920 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.454231977 CET | 50920 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.454231977 CET | 50920 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.541522026 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:27.548434973 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.615319967 CET | 443 | 50922 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.615505934 CET | 50922 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.620417118 CET | 50922 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.620429039 CET | 443 | 50922 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.620683908 CET | 443 | 50922 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.630953074 CET | 443 | 50923 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.631752014 CET | 50923 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.642220974 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.650988102 CET | 50922 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.651005983 CET | 50922 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.652898073 CET | 443 | 50922 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.653347969 CET | 50923 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.653371096 CET | 443 | 50923 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.653419018 CET | 50923 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.653749943 CET | 443 | 50923 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:27:27.656770945 CET | 50923 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.656800985 CET | 50922 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:27:27.666857004 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:27.666919947 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:27.671750069 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.672058105 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.812417030 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.816184044 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.827348948 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:27.835089922 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.866619110 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:27.928637028 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:27.989089012 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:31.715327978 CET | 50946 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:31.715358019 CET | 443 | 50946 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:31.715965033 CET | 50946 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:31.717528105 CET | 50946 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:31.717542887 CET | 443 | 50946 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:32.193497896 CET | 443 | 50946 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:32.193670988 CET | 50946 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:32.199404955 CET | 50946 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:32.199421883 CET | 443 | 50946 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:32.199527979 CET | 50946 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:32.199626923 CET | 443 | 50946 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:32.199804068 CET | 50946 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:33.164971113 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:33.169887066 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:33.267363071 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:33.312266111 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:33.389065981 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:33.395359039 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:33.485510111 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:33.528451920 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:40.948826075 CET | 51007 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:40.948860884 CET | 443 | 51007 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:40.949022055 CET | 51007 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:40.949157000 CET | 51007 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:40.949174881 CET | 443 | 51007 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:40.954627991 CET | 51008 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:40.954670906 CET | 443 | 51008 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:40.954837084 CET | 51008 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:40.955037117 CET | 51008 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:40.955058098 CET | 443 | 51008 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:40.959260941 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:40.959299088 CET | 443 | 51009 | 151.101.1.91 | 192.168.2.6 |
Nov 20, 2024 13:27:40.959388971 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:40.959589958 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:40.959604979 CET | 443 | 51009 | 151.101.1.91 | 192.168.2.6 |
Nov 20, 2024 13:27:41.421688080 CET | 443 | 51008 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.421834946 CET | 51008 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.423070908 CET | 443 | 51007 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:41.425359964 CET | 51008 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.425369024 CET | 443 | 51008 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.425632954 CET | 443 | 51008 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.426378965 CET | 443 | 51009 | 151.101.1.91 | 192.168.2.6 |
Nov 20, 2024 13:27:41.430540085 CET | 51007 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:41.431334972 CET | 443 | 51009 | 151.101.1.91 | 192.168.2.6 |
Nov 20, 2024 13:27:41.431385040 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:41.433465004 CET | 51007 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:41.433484077 CET | 443 | 51007 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:41.433803082 CET | 443 | 51007 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:41.433830023 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:41.436676025 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:41.436686993 CET | 443 | 51009 | 151.101.1.91 | 192.168.2.6 |
Nov 20, 2024 13:27:41.436996937 CET | 443 | 51009 | 151.101.1.91 | 192.168.2.6 |
Nov 20, 2024 13:27:41.442745924 CET | 51008 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.442840099 CET | 51008 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.442990065 CET | 443 | 51008 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.444317102 CET | 51007 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:41.444380045 CET | 51007 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:41.444457054 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:41.444524050 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:41.444590092 CET | 443 | 51007 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:41.444675922 CET | 443 | 51009 | 151.101.1.91 | 192.168.2.6 |
Nov 20, 2024 13:27:41.447845936 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:41.447901964 CET | 51008 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.447912931 CET | 51009 | 443 | 192.168.2.6 | 151.101.1.91 |
Nov 20, 2024 13:27:41.447913885 CET | 51007 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:41.460431099 CET | 51014 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.460484982 CET | 443 | 51014 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.460721970 CET | 51014 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.460851908 CET | 51014 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.460860014 CET | 443 | 51014 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.463331938 CET | 51015 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.463376045 CET | 443 | 51015 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.464211941 CET | 51015 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.464350939 CET | 51015 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.464365005 CET | 443 | 51015 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.466908932 CET | 51016 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.466944933 CET | 443 | 51016 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.467078924 CET | 51016 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.467186928 CET | 51016 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.467200994 CET | 443 | 51016 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.484143019 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:41.484646082 CET | 51018 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:41.484688997 CET | 443 | 51018 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:41.490288019 CET | 51018 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:41.491980076 CET | 51018 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:41.492002964 CET | 443 | 51018 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:41.492018938 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:41.507209063 CET | 51019 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 20, 2024 13:27:41.507242918 CET | 443 | 51019 | 35.201.103.21 | 192.168.2.6 |
Nov 20, 2024 13:27:41.521244049 CET | 51019 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 20, 2024 13:27:41.522938013 CET | 51019 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 20, 2024 13:27:41.522953033 CET | 443 | 51019 | 35.201.103.21 | 192.168.2.6 |
Nov 20, 2024 13:27:41.582417011 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:41.586481094 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:41.595407009 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:41.637309074 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:41.684730053 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:41.737637043 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:41.928356886 CET | 443 | 51014 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.928478003 CET | 51014 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.931277990 CET | 443 | 51015 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.931421041 CET | 51015 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.931740999 CET | 51014 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.931754112 CET | 443 | 51014 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.932055950 CET | 443 | 51014 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.934248924 CET | 443 | 51016 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.935743093 CET | 51015 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.935770988 CET | 443 | 51015 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.936083078 CET | 443 | 51015 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.936172962 CET | 51016 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.939783096 CET | 51016 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.939817905 CET | 443 | 51016 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.940138102 CET | 443 | 51016 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.943686008 CET | 51014 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.944128036 CET | 443 | 51014 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.944281101 CET | 51014 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.944576979 CET | 51014 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.944597006 CET | 443 | 51014 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.945405006 CET | 51015 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.945497036 CET | 51015 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.945674896 CET | 443 | 51015 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.946038008 CET | 51016 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.946119070 CET | 51016 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.946259022 CET | 443 | 51016 | 35.244.181.201 | 192.168.2.6 |
Nov 20, 2024 13:27:41.948151112 CET | 443 | 51018 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:41.952539921 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:41.953010082 CET | 51015 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.953031063 CET | 51016 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 20, 2024 13:27:41.953044891 CET | 51018 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:41.957523108 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:41.959742069 CET | 51018 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:41.959754944 CET | 443 | 51018 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:41.959830046 CET | 51018 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:41.960014105 CET | 443 | 51018 | 35.190.72.216 | 192.168.2.6 |
Nov 20, 2024 13:27:41.960179090 CET | 51018 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 20, 2024 13:27:41.986221075 CET | 443 | 51019 | 35.201.103.21 | 192.168.2.6 |
Nov 20, 2024 13:27:41.986237049 CET | 443 | 51019 | 35.201.103.21 | 192.168.2.6 |
Nov 20, 2024 13:27:41.986295938 CET | 51019 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 20, 2024 13:27:41.991398096 CET | 51019 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 20, 2024 13:27:41.991431952 CET | 443 | 51019 | 35.201.103.21 | 192.168.2.6 |
Nov 20, 2024 13:27:41.991498947 CET | 51019 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 20, 2024 13:27:41.991651058 CET | 443 | 51019 | 35.201.103.21 | 192.168.2.6 |
Nov 20, 2024 13:27:41.993294001 CET | 51019 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 20, 2024 13:27:42.007491112 CET | 51021 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:42.007535934 CET | 443 | 51021 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:42.008188009 CET | 51021 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:42.008343935 CET | 51021 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:42.008354902 CET | 443 | 51021 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:42.053170919 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:42.057856083 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:42.066593885 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:42.107594013 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:42.156647921 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:42.207957983 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:42.488338947 CET | 443 | 51021 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:42.488436937 CET | 51021 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:42.491942883 CET | 51021 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:42.491956949 CET | 443 | 51021 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:42.492212057 CET | 443 | 51021 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:42.495093107 CET | 51021 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:42.495270014 CET | 443 | 51021 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:42.495277882 CET | 51021 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:42.495285988 CET | 443 | 51021 | 34.149.100.209 | 192.168.2.6 |
Nov 20, 2024 13:27:42.497469902 CET | 51021 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 20, 2024 13:27:42.498924971 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:42.509833097 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:42.620759964 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:42.625180960 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:42.632354021 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:42.671646118 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:42.720029116 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:42.771924019 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:43.174920082 CET | 51033 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:43.174954891 CET | 443 | 51033 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:43.176966906 CET | 51033 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:43.183047056 CET | 51033 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:43.183083057 CET | 443 | 51033 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:43.662633896 CET | 443 | 51033 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:43.662714005 CET | 51033 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:43.668375015 CET | 51033 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:43.668395042 CET | 443 | 51033 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:43.668509007 CET | 51033 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:43.668548107 CET | 443 | 51033 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:27:43.669291973 CET | 51033 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:27:43.671966076 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:43.679498911 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:43.770255089 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:43.773956060 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:43.778790951 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:43.813214064 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:43.871100903 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:43.913511992 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:44.427855968 CET | 51905 | 443 | 192.168.2.6 | 142.250.65.238 |
Nov 20, 2024 13:27:44.427882910 CET | 443 | 51905 | 142.250.65.238 | 192.168.2.6 |
Nov 20, 2024 13:27:44.428328037 CET | 51905 | 443 | 192.168.2.6 | 142.250.65.238 |
Nov 20, 2024 13:27:44.428515911 CET | 51905 | 443 | 192.168.2.6 | 142.250.65.238 |
Nov 20, 2024 13:27:44.428535938 CET | 443 | 51905 | 142.250.65.238 | 192.168.2.6 |
Nov 20, 2024 13:27:44.903400898 CET | 443 | 51905 | 142.250.65.238 | 192.168.2.6 |
Nov 20, 2024 13:27:44.904179096 CET | 443 | 51905 | 142.250.65.238 | 192.168.2.6 |
Nov 20, 2024 13:27:44.904774904 CET | 51905 | 443 | 192.168.2.6 | 142.250.65.238 |
Nov 20, 2024 13:27:44.904803038 CET | 443 | 51905 | 142.250.65.238 | 192.168.2.6 |
Nov 20, 2024 13:27:44.908468962 CET | 51905 | 443 | 192.168.2.6 | 142.250.65.238 |
Nov 20, 2024 13:27:44.908480883 CET | 443 | 51905 | 142.250.65.238 | 192.168.2.6 |
Nov 20, 2024 13:27:44.908826113 CET | 443 | 51905 | 142.250.65.238 | 192.168.2.6 |
Nov 20, 2024 13:27:44.911951065 CET | 51905 | 443 | 192.168.2.6 | 142.250.65.238 |
Nov 20, 2024 13:27:44.912012100 CET | 51905 | 443 | 192.168.2.6 | 142.250.65.238 |
Nov 20, 2024 13:27:44.912237883 CET | 443 | 51905 | 142.250.65.238 | 192.168.2.6 |
Nov 20, 2024 13:27:44.915836096 CET | 51905 | 443 | 192.168.2.6 | 142.250.65.238 |
Nov 20, 2024 13:27:44.917608023 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:44.926806927 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:45.016253948 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:45.020421982 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:45.025283098 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:45.063659906 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:45.115000963 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:45.163969994 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:55.031267881 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:55.036427975 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:27:55.131593943 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:27:55.139230013 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:03.766199112 CET | 51960 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:03.766225100 CET | 443 | 51960 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:03.766295910 CET | 51960 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:03.767910004 CET | 51960 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:03.767925024 CET | 443 | 51960 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:04.223014116 CET | 443 | 51960 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:04.223164082 CET | 51960 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:04.228293896 CET | 51960 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:04.228312016 CET | 443 | 51960 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:04.228411913 CET | 51960 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:04.228462934 CET | 443 | 51960 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:04.228548050 CET | 51960 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:04.231230974 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:04.236064911 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:04.331671953 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:04.335597992 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:04.342608929 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:04.387156010 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:04.430867910 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:04.487526894 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:11.331688881 CET | 51962 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.331715107 CET | 443 | 51962 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.331841946 CET | 51963 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.331876993 CET | 443 | 51963 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.331983089 CET | 51964 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.332012892 CET | 443 | 51964 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.332104921 CET | 51965 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.332149982 CET | 443 | 51965 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.332235098 CET | 51966 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.332242966 CET | 443 | 51966 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.332351923 CET | 51967 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.332359076 CET | 443 | 51967 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.333143950 CET | 51962 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333153009 CET | 51964 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333158016 CET | 51963 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333173037 CET | 51966 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333174944 CET | 51965 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333174944 CET | 51967 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333352089 CET | 51962 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333364964 CET | 443 | 51962 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.333471060 CET | 51967 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333483934 CET | 443 | 51967 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.333554029 CET | 51966 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333570004 CET | 443 | 51966 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.333630085 CET | 51965 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333641052 CET | 443 | 51965 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.333704948 CET | 51964 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333714008 CET | 443 | 51964 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.333774090 CET | 51963 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.333796024 CET | 443 | 51963 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.824259043 CET | 443 | 51966 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.824347019 CET | 51966 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.824506044 CET | 443 | 51964 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.824820995 CET | 51964 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.827877998 CET | 51966 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.827893019 CET | 443 | 51966 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.828180075 CET | 443 | 51966 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.828463078 CET | 443 | 51965 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.828588963 CET | 51965 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.828758955 CET | 443 | 51962 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.829286098 CET | 51962 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.830625057 CET | 51964 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.830636978 CET | 443 | 51964 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.830923080 CET | 443 | 51964 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.831271887 CET | 443 | 51963 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.833802938 CET | 51965 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.833827972 CET | 443 | 51965 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.834141016 CET | 443 | 51965 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.836311102 CET | 51962 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.836328030 CET | 443 | 51962 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.836658001 CET | 443 | 51962 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.839325905 CET | 443 | 51963 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.839919090 CET | 51966 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.840140104 CET | 443 | 51966 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.840229034 CET | 51966 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.840236902 CET | 443 | 51966 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.840598106 CET | 51963 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.841257095 CET | 51964 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.841365099 CET | 51964 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.844182014 CET | 51963 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.844189882 CET | 443 | 51963 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.844443083 CET | 443 | 51963 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.845593929 CET | 51968 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.845632076 CET | 443 | 51968 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.845783949 CET | 51965 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.845870018 CET | 51965 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.845972061 CET | 443 | 51965 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.846349001 CET | 51969 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.846391916 CET | 443 | 51969 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.847747087 CET | 51962 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.847825050 CET | 51962 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.847984076 CET | 443 | 51962 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.848443985 CET | 51963 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.848516941 CET | 51963 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.848591089 CET | 443 | 51963 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.849602938 CET | 51965 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.849620104 CET | 51962 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.849636078 CET | 51963 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.849658012 CET | 51968 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.849661112 CET | 51969 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.849818945 CET | 51968 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.849832058 CET | 443 | 51968 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.849900961 CET | 51969 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.849916935 CET | 443 | 51969 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.870640039 CET | 443 | 51967 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.870738029 CET | 51967 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.874142885 CET | 51967 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.874169111 CET | 443 | 51967 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.874371052 CET | 443 | 51967 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.877218962 CET | 51967 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.877357006 CET | 51967 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.877527952 CET | 443 | 51967 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:11.877846003 CET | 51967 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:11.888331890 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:11.895781994 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:11.987001896 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:12.001837015 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:12.008521080 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:12.041059971 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:12.051330090 CET | 443 | 51966 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:12.051487923 CET | 51966 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.096877098 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:12.141335011 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:12.325514078 CET | 443 | 51968 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:12.325592995 CET | 51968 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.328805923 CET | 51968 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.328825951 CET | 443 | 51968 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:12.329090118 CET | 443 | 51968 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:12.331231117 CET | 51968 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.331338882 CET | 51968 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.331423044 CET | 443 | 51968 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:12.331475019 CET | 51968 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.334280968 CET | 443 | 51969 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:12.334785938 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:12.335000038 CET | 51969 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.338114023 CET | 51969 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.338123083 CET | 443 | 51969 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:12.338356972 CET | 443 | 51969 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:12.340444088 CET | 51969 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.340559006 CET | 51969 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.340595007 CET | 443 | 51969 | 34.120.208.123 | 192.168.2.6 |
Nov 20, 2024 13:28:12.340709925 CET | 51969 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 20, 2024 13:28:12.341483116 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:12.433439970 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:12.479979992 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:12.495354891 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:12.503479958 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:12.593872070 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:12.642975092 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:14.133789062 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:14.138822079 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:14.231965065 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:14.239624977 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:14.248322010 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:14.285361052 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:14.396898985 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:14.448061943 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:24.246583939 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:24.252065897 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:24.400264025 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:24.408253908 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:34.259737015 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:34.264609098 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:34.429017067 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:34.433906078 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:44.272914886 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:44.278323889 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:44.401557922 CET | 51973 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:44.401612997 CET | 443 | 51973 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:44.401765108 CET | 51973 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:44.403278112 CET | 51973 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:44.403297901 CET | 443 | 51973 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:44.435678959 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:44.440660000 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:44.872176886 CET | 443 | 51973 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:44.872411013 CET | 51973 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:44.877613068 CET | 51973 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:44.877620935 CET | 443 | 51973 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:44.877733946 CET | 51973 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:44.877809048 CET | 443 | 51973 | 34.107.243.93 | 192.168.2.6 |
Nov 20, 2024 13:28:44.877938032 CET | 51973 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 20, 2024 13:28:44.880534887 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:44.885735989 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:44.979408979 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:44.983392954 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:44.989291906 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:45.021445990 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:45.080324888 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:45.121737003 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:54.988507032 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:54.993442059 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:28:55.088789940 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:28:55.093676090 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:29:04.994741917 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:29:05.001609087 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:29:05.095132113 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:29:05.100918055 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:29:15.016215086 CET | 50861 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:29:15.023289919 CET | 80 | 50861 | 34.107.221.82 | 192.168.2.6 |
Nov 20, 2024 13:29:15.100883007 CET | 50830 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 20, 2024 13:29:15.105866909 CET | 80 | 50830 | 34.107.221.82 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2024 13:27:13.565107107 CET | 59204 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.572503090 CET | 53 | 59204 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.574242115 CET | 62606 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.581466913 CET | 53 | 62606 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.590882063 CET | 52968 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.591169119 CET | 60625 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.597891092 CET | 53 | 52968 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.599648952 CET | 53 | 60625 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.600444078 CET | 59071 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.600975037 CET | 50253 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.608041048 CET | 53 | 59071 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.608752012 CET | 53 | 50253 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.907891989 CET | 54101 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.917455912 CET | 53 | 54101 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.919444084 CET | 55733 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.928788900 CET | 53 | 55733 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.939635038 CET | 60453 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.943283081 CET | 52745 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.946192026 CET | 63644 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.949076891 CET | 53 | 60453 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.951195955 CET | 53 | 52745 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.953885078 CET | 53 | 63644 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.955411911 CET | 53903 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.958657980 CET | 60239 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.962240934 CET | 53 | 53903 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.966747999 CET | 53 | 60239 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:13.967730045 CET | 59430 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:13.975168943 CET | 53 | 59430 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:14.142393112 CET | 54211 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:14.149708986 CET | 53 | 54211 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:14.157145023 CET | 64228 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:14.164994001 CET | 53 | 64228 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:14.175570011 CET | 50771 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:14.182909966 CET | 53 | 50771 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:14.184636116 CET | 52360 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:14.192543030 CET | 53 | 52360 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:14.193342924 CET | 58078 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:14.200263977 CET | 53 | 58078 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:14.591512918 CET | 55805 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:14.684422016 CET | 53 | 52602 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:14.920253992 CET | 57697 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:14.921020985 CET | 53417 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:15.066701889 CET | 63010 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:15.431711912 CET | 53 | 53417 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:15.431768894 CET | 53 | 57697 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:19.717987061 CET | 52384 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:19.727834940 CET | 53 | 52384 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:19.729407072 CET | 57246 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:19.739155054 CET | 53 | 57246 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:19.739959002 CET | 51164 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:19.769149065 CET | 53 | 51164 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:24.024039984 CET | 51815 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:24.033318996 CET | 53 | 51815 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:24.040477991 CET | 53795 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:24.049920082 CET | 53 | 53795 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:24.052206993 CET | 57156 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:24.063867092 CET | 53 | 57156 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:25.395803928 CET | 60801 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:25.405087948 CET | 53 | 60801 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:25.405917883 CET | 60772 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:25.415150881 CET | 53 | 60772 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:25.513890028 CET | 54373 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:25.523418903 CET | 53 | 54373 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:26.295537949 CET | 58295 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:26.302520990 CET | 53 | 58295 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:26.303739071 CET | 65493 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:26.310353041 CET | 53 | 65493 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:26.311048031 CET | 59619 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:26.317631960 CET | 53 | 59619 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.515558958 CET | 54909 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.525065899 CET | 53 | 54909 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.878499985 CET | 54330 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.878954887 CET | 58254 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.879380941 CET | 63870 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.887227058 CET | 53 | 54330 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.887501001 CET | 53 | 58254 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.888283968 CET | 50583 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.888322115 CET | 53 | 63870 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.889183044 CET | 54137 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.889333963 CET | 61063 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.896784067 CET | 53 | 50583 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.897505045 CET | 49473 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.897635937 CET | 53 | 61063 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.898087978 CET | 50153 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.898309946 CET | 53 | 54137 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.898780107 CET | 52812 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.906011105 CET | 53 | 49473 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.906881094 CET | 62398 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.907521963 CET | 53 | 52812 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.907532930 CET | 53 | 50153 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.908312082 CET | 57682 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.913944006 CET | 53 | 62398 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.914973974 CET | 60997 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.915020943 CET | 53 | 57682 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.915693998 CET | 56990 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.922399998 CET | 53 | 56990 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.922410965 CET | 53 | 60997 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.923165083 CET | 64085 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.923249006 CET | 57412 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:31.929841042 CET | 53 | 64085 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:31.930262089 CET | 53 | 57412 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:40.945815086 CET | 61678 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:40.955781937 CET | 59130 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:40.958360910 CET | 53 | 61678 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:40.959924936 CET | 55199 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:40.965756893 CET | 53 | 59130 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:40.970268011 CET | 53 | 55199 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:40.971084118 CET | 52295 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:40.980560064 CET | 53 | 52295 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:41.494343996 CET | 54362 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:41.501811028 CET | 53 | 54362 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:41.508466959 CET | 54848 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:41.517823935 CET | 53 | 54848 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:41.523930073 CET | 52235 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:41.530844927 CET | 53 | 52235 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:43.172621012 CET | 57110 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:43.182265043 CET | 53 | 57110 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:43.186666012 CET | 50129 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:27:43.196887016 CET | 53 | 50129 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:27:43.968106031 CET | 53 | 60622 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:28:03.757981062 CET | 56500 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:28:03.765070915 CET | 53 | 56500 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:28:03.765887022 CET | 62946 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:28:03.789459944 CET | 53 | 62946 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:28:04.231559992 CET | 61009 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:28:11.329008102 CET | 59378 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:28:11.336273909 CET | 53 | 59378 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:28:44.392946959 CET | 59888 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:28:44.400401115 CET | 53 | 59888 | 1.1.1.1 | 192.168.2.6 |
Nov 20, 2024 13:28:44.401472092 CET | 64057 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 20, 2024 13:28:44.409729004 CET | 53 | 64057 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 20, 2024 13:27:13.565107107 CET | 192.168.2.6 | 1.1.1.1 | 0xc157 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.574242115 CET | 192.168.2.6 | 1.1.1.1 | 0x803 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.590882063 CET | 192.168.2.6 | 1.1.1.1 | 0x1521 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.591169119 CET | 192.168.2.6 | 1.1.1.1 | 0xaf25 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.600444078 CET | 192.168.2.6 | 1.1.1.1 | 0x717b | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.600975037 CET | 192.168.2.6 | 1.1.1.1 | 0x62a | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.907891989 CET | 192.168.2.6 | 1.1.1.1 | 0xadd5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.919444084 CET | 192.168.2.6 | 1.1.1.1 | 0xca5f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.939635038 CET | 192.168.2.6 | 1.1.1.1 | 0x833c | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.943283081 CET | 192.168.2.6 | 1.1.1.1 | 0x7b59 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.946192026 CET | 192.168.2.6 | 1.1.1.1 | 0xa6a5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.955411911 CET | 192.168.2.6 | 1.1.1.1 | 0xc1fb | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.958657980 CET | 192.168.2.6 | 1.1.1.1 | 0x4a6a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:13.967730045 CET | 192.168.2.6 | 1.1.1.1 | 0x30b1 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:14.142393112 CET | 192.168.2.6 | 1.1.1.1 | 0x5758 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:14.157145023 CET | 192.168.2.6 | 1.1.1.1 | 0xa8fb | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:14.175570011 CET | 192.168.2.6 | 1.1.1.1 | 0x204 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:14.184636116 CET | 192.168.2.6 | 1.1.1.1 | 0xade2 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:14.193342924 CET | 192.168.2.6 | 1.1.1.1 | 0x3bc5 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:14.591512918 CET | 192.168.2.6 | 1.1.1.1 | 0x5522 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:14.920253992 CET | 192.168.2.6 | 1.1.1.1 | 0x13b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:14.921020985 CET | 192.168.2.6 | 1.1.1.1 | 0xcc6d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:15.066701889 CET | 192.168.2.6 | 1.1.1.1 | 0x6784 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:19.717987061 CET | 192.168.2.6 | 1.1.1.1 | 0x90c7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:19.729407072 CET | 192.168.2.6 | 1.1.1.1 | 0x27c3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:19.739959002 CET | 192.168.2.6 | 1.1.1.1 | 0xbb85 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:24.024039984 CET | 192.168.2.6 | 1.1.1.1 | 0x35fd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:24.040477991 CET | 192.168.2.6 | 1.1.1.1 | 0x7a63 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:24.052206993 CET | 192.168.2.6 | 1.1.1.1 | 0xfe7b | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:25.395803928 CET | 192.168.2.6 | 1.1.1.1 | 0x7e82 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:25.405917883 CET | 192.168.2.6 | 1.1.1.1 | 0x2aaa | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:25.513890028 CET | 192.168.2.6 | 1.1.1.1 | 0x613b | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:26.295537949 CET | 192.168.2.6 | 1.1.1.1 | 0xaa35 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:26.303739071 CET | 192.168.2.6 | 1.1.1.1 | 0x4fae | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:26.311048031 CET | 192.168.2.6 | 1.1.1.1 | 0x6ff5 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.515558958 CET | 192.168.2.6 | 1.1.1.1 | 0x2d68 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.878499985 CET | 192.168.2.6 | 1.1.1.1 | 0x1951 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.878954887 CET | 192.168.2.6 | 1.1.1.1 | 0x889c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.879380941 CET | 192.168.2.6 | 1.1.1.1 | 0x97e5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.888283968 CET | 192.168.2.6 | 1.1.1.1 | 0x43d0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.889183044 CET | 192.168.2.6 | 1.1.1.1 | 0x8112 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.889333963 CET | 192.168.2.6 | 1.1.1.1 | 0xe2ba | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.897505045 CET | 192.168.2.6 | 1.1.1.1 | 0x9fef | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.898087978 CET | 192.168.2.6 | 1.1.1.1 | 0xfe70 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.898780107 CET | 192.168.2.6 | 1.1.1.1 | 0xfaca | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.906881094 CET | 192.168.2.6 | 1.1.1.1 | 0x4108 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.908312082 CET | 192.168.2.6 | 1.1.1.1 | 0xa9bc | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.914973974 CET | 192.168.2.6 | 1.1.1.1 | 0x3437 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.915693998 CET | 192.168.2.6 | 1.1.1.1 | 0xaf80 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.923165083 CET | 192.168.2.6 | 1.1.1.1 | 0x6514 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:31.923249006 CET | 192.168.2.6 | 1.1.1.1 | 0xaba | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:40.945815086 CET | 192.168.2.6 | 1.1.1.1 | 0xb96d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:40.955781937 CET | 192.168.2.6 | 1.1.1.1 | 0x186f | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:40.959924936 CET | 192.168.2.6 | 1.1.1.1 | 0x200d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:40.971084118 CET | 192.168.2.6 | 1.1.1.1 | 0x416 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:41.494343996 CET | 192.168.2.6 | 1.1.1.1 | 0x4d4c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:41.508466959 CET | 192.168.2.6 | 1.1.1.1 | 0x4271 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:41.523930073 CET | 192.168.2.6 | 1.1.1.1 | 0x52d7 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:27:43.172621012 CET | 192.168.2.6 | 1.1.1.1 | 0x9b47 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:27:43.186666012 CET | 192.168.2.6 | 1.1.1.1 | 0x8c30 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:28:03.757981062 CET | 192.168.2.6 | 1.1.1.1 | 0xb477 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:28:03.765887022 CET | 192.168.2.6 | 1.1.1.1 | 0xc1a5 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:28:04.231559992 CET | 192.168.2.6 | 1.1.1.1 | 0xe921 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:28:11.329008102 CET | 192.168.2.6 | 1.1.1.1 | 0xd934 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 20, 2024 13:28:44.392946959 CET | 192.168.2.6 | 1.1.1.1 | 0xccd4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 20, 2024 13:28:44.401472092 CET | 192.168.2.6 | 1.1.1.1 | 0xc41b | Standard query (0) | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 20, 2024 13:27:13.572503090 CET | 1.1.1.1 | 192.168.2.6 | 0xc157 | No error (0) | 142.250.186.142 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.575773001 CET | 1.1.1.1 | 192.168.2.6 | 0xc8db | No error (0) | 35.190.72.216 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.597891092 CET | 1.1.1.1 | 192.168.2.6 | 0x1521 | No error (0) | 142.250.184.238 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.599648952 CET | 1.1.1.1 | 192.168.2.6 | 0xaf25 | No error (0) | 35.190.72.216 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.608041048 CET | 1.1.1.1 | 192.168.2.6 | 0x717b | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:13.917455912 CET | 1.1.1.1 | 192.168.2.6 | 0xadd5 | No error (0) | 34.117.188.166 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.928788900 CET | 1.1.1.1 | 192.168.2.6 | 0xca5f | No error (0) | 34.117.188.166 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.940104961 CET | 1.1.1.1 | 192.168.2.6 | 0xfcc5 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.940104961 CET | 1.1.1.1 | 192.168.2.6 | 0xfcc5 | No error (0) | 35.244.181.201 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.951195955 CET | 1.1.1.1 | 192.168.2.6 | 0x7b59 | No error (0) | prod.ads.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.951195955 CET | 1.1.1.1 | 192.168.2.6 | 0x7b59 | No error (0) | 34.117.188.166 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.953885078 CET | 1.1.1.1 | 192.168.2.6 | 0xa6a5 | No error (0) | 35.244.181.201 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:13.966747999 CET | 1.1.1.1 | 192.168.2.6 | 0x4a6a | No error (0) | 34.117.188.166 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:14.149708986 CET | 1.1.1.1 | 192.168.2.6 | 0x5758 | No error (0) | 34.107.221.82 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:14.164994001 CET | 1.1.1.1 | 192.168.2.6 | 0xa8fb | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:14.182909966 CET | 1.1.1.1 | 192.168.2.6 | 0x204 | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:14.182909966 CET | 1.1.1.1 | 192.168.2.6 | 0x204 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:14.182909966 CET | 1.1.1.1 | 192.168.2.6 | 0x204 | No error (0) | 34.160.144.191 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:14.192543030 CET | 1.1.1.1 | 192.168.2.6 | 0xade2 | No error (0) | 34.160.144.191 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:14.200263977 CET | 1.1.1.1 | 192.168.2.6 | 0x3bc5 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:14.601856947 CET | 1.1.1.1 | 192.168.2.6 | 0x5522 | No error (0) | shavar.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:15.431711912 CET | 1.1.1.1 | 192.168.2.6 | 0xcc6d | No error (0) | 192.0.0.170 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:15.431711912 CET | 1.1.1.1 | 192.168.2.6 | 0xcc6d | No error (0) | 192.0.0.171 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:15.431768894 CET | 1.1.1.1 | 192.168.2.6 | 0x13b | No error (0) | 93.184.215.14 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:15.431780100 CET | 1.1.1.1 | 192.168.2.6 | 0x6784 | No error (0) | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:15.431780100 CET | 1.1.1.1 | 192.168.2.6 | 0x6784 | No error (0) | 34.107.221.82 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:19.727834940 CET | 1.1.1.1 | 192.168.2.6 | 0x90c7 | No error (0) | prod.sumo.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:19.727834940 CET | 1.1.1.1 | 192.168.2.6 | 0x90c7 | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:19.727834940 CET | 1.1.1.1 | 192.168.2.6 | 0x90c7 | No error (0) | 34.149.128.2 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:19.739155054 CET | 1.1.1.1 | 192.168.2.6 | 0x27c3 | No error (0) | 34.149.128.2 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:24.033318996 CET | 1.1.1.1 | 192.168.2.6 | 0x35fd | No error (0) | 34.107.243.93 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:24.049920082 CET | 1.1.1.1 | 192.168.2.6 | 0x7a63 | No error (0) | 34.107.243.93 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:25.394541025 CET | 1.1.1.1 | 192.168.2.6 | 0x79e5 | No error (0) | 34.120.208.123 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:25.405087948 CET | 1.1.1.1 | 192.168.2.6 | 0x7e82 | No error (0) | 34.120.208.123 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:25.521291971 CET | 1.1.1.1 | 192.168.2.6 | 0xf898 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:25.521291971 CET | 1.1.1.1 | 192.168.2.6 | 0xf898 | No error (0) | 35.244.181.201 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:26.302520990 CET | 1.1.1.1 | 192.168.2.6 | 0xaa35 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:26.302520990 CET | 1.1.1.1 | 192.168.2.6 | 0xaa35 | No error (0) | 34.149.100.209 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:26.310353041 CET | 1.1.1.1 | 192.168.2.6 | 0x4fae | No error (0) | 34.149.100.209 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:26.400681019 CET | 1.1.1.1 | 192.168.2.6 | 0xcdfc | No error (0) | 34.120.208.123 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | youtube-ui.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.186.46 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.181.238 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.186.174 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 216.58.212.142 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.185.174 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.184.206 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 216.58.206.46 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.185.142 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 172.217.18.14 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.186.78 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 216.58.206.78 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.185.206 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.185.110 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 142.250.185.238 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 172.217.23.110 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887227058 CET | 1.1.1.1 | 192.168.2.6 | 0x1951 | No error (0) | 172.217.18.110 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887501001 CET | 1.1.1.1 | 192.168.2.6 | 0x889c | No error (0) | star-mini.c10r.facebook.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.887501001 CET | 1.1.1.1 | 192.168.2.6 | 0x889c | No error (0) | 157.240.253.35 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.888322115 CET | 1.1.1.1 | 192.168.2.6 | 0x97e5 | No error (0) | dyna.wikimedia.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.888322115 CET | 1.1.1.1 | 192.168.2.6 | 0x97e5 | No error (0) | 185.15.59.224 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.186.78 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.186.110 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 172.217.23.110 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 172.217.16.206 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.185.174 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 172.217.18.14 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 216.58.206.78 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.186.46 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.185.78 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 216.58.212.142 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 216.58.212.174 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.186.142 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.74.206 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.184.238 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.184.206 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.896784067 CET | 1.1.1.1 | 192.168.2.6 | 0x43d0 | No error (0) | 142.250.185.142 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.897635937 CET | 1.1.1.1 | 192.168.2.6 | 0xe2ba | No error (0) | 185.15.59.224 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.898309946 CET | 1.1.1.1 | 192.168.2.6 | 0x8112 | No error (0) | 157.240.0.35 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.906011105 CET | 1.1.1.1 | 192.168.2.6 | 0x9fef | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:31.906011105 CET | 1.1.1.1 | 192.168.2.6 | 0x9fef | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:31.906011105 CET | 1.1.1.1 | 192.168.2.6 | 0x9fef | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:31.906011105 CET | 1.1.1.1 | 192.168.2.6 | 0x9fef | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:31.907521963 CET | 1.1.1.1 | 192.168.2.6 | 0xfaca | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:31.907532930 CET | 1.1.1.1 | 192.168.2.6 | 0xfe70 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:31.913944006 CET | 1.1.1.1 | 192.168.2.6 | 0x4108 | No error (0) | dualstack.reddit.map.fastly.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.913944006 CET | 1.1.1.1 | 192.168.2.6 | 0x4108 | No error (0) | 151.101.129.140 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.913944006 CET | 1.1.1.1 | 192.168.2.6 | 0x4108 | No error (0) | 151.101.1.140 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.913944006 CET | 1.1.1.1 | 192.168.2.6 | 0x4108 | No error (0) | 151.101.65.140 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.913944006 CET | 1.1.1.1 | 192.168.2.6 | 0x4108 | No error (0) | 151.101.193.140 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.915020943 CET | 1.1.1.1 | 192.168.2.6 | 0xa9bc | No error (0) | 104.244.42.193 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.922399998 CET | 1.1.1.1 | 192.168.2.6 | 0xaf80 | No error (0) | 104.244.42.129 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.922410965 CET | 1.1.1.1 | 192.168.2.6 | 0x3437 | No error (0) | 151.101.129.140 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.922410965 CET | 1.1.1.1 | 192.168.2.6 | 0x3437 | No error (0) | 151.101.193.140 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.922410965 CET | 1.1.1.1 | 192.168.2.6 | 0x3437 | No error (0) | 151.101.1.140 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.922410965 CET | 1.1.1.1 | 192.168.2.6 | 0x3437 | No error (0) | 151.101.65.140 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:31.930262089 CET | 1.1.1.1 | 192.168.2.6 | 0xaba | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:31.930262089 CET | 1.1.1.1 | 192.168.2.6 | 0xaba | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:31.930262089 CET | 1.1.1.1 | 192.168.2.6 | 0xaba | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:31.930262089 CET | 1.1.1.1 | 192.168.2.6 | 0xaba | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:40.949441910 CET | 1.1.1.1 | 192.168.2.6 | 0xea1d | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.949441910 CET | 1.1.1.1 | 192.168.2.6 | 0xea1d | No error (0) | 35.244.181.201 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.958360910 CET | 1.1.1.1 | 192.168.2.6 | 0xb96d | No error (0) | 151.101.1.91 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.958360910 CET | 1.1.1.1 | 192.168.2.6 | 0xb96d | No error (0) | 151.101.65.91 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.958360910 CET | 1.1.1.1 | 192.168.2.6 | 0xb96d | No error (0) | 151.101.193.91 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.958360910 CET | 1.1.1.1 | 192.168.2.6 | 0xb96d | No error (0) | 151.101.129.91 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.970268011 CET | 1.1.1.1 | 192.168.2.6 | 0x200d | No error (0) | 151.101.65.91 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.970268011 CET | 1.1.1.1 | 192.168.2.6 | 0x200d | No error (0) | 151.101.129.91 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.970268011 CET | 1.1.1.1 | 192.168.2.6 | 0x200d | No error (0) | 151.101.193.91 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.970268011 CET | 1.1.1.1 | 192.168.2.6 | 0x200d | No error (0) | 151.101.1.91 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:40.980560064 CET | 1.1.1.1 | 192.168.2.6 | 0x416 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:40.980560064 CET | 1.1.1.1 | 192.168.2.6 | 0x416 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:40.980560064 CET | 1.1.1.1 | 192.168.2.6 | 0x416 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:40.980560064 CET | 1.1.1.1 | 192.168.2.6 | 0x416 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 20, 2024 13:27:41.501811028 CET | 1.1.1.1 | 192.168.2.6 | 0x4d4c | No error (0) | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:41.501811028 CET | 1.1.1.1 | 192.168.2.6 | 0x4d4c | No error (0) | 35.201.103.21 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:41.517823935 CET | 1.1.1.1 | 192.168.2.6 | 0x4271 | No error (0) | 35.201.103.21 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:42.022120953 CET | 1.1.1.1 | 192.168.2.6 | 0x7a1 | No error (0) | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:42.022120953 CET | 1.1.1.1 | 192.168.2.6 | 0x7a1 | No error (0) | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:27:43.182265043 CET | 1.1.1.1 | 192.168.2.6 | 0x9b47 | No error (0) | 34.107.243.93 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:28:03.765070915 CET | 1.1.1.1 | 192.168.2.6 | 0xb477 | No error (0) | 34.107.243.93 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:28:04.238493919 CET | 1.1.1.1 | 192.168.2.6 | 0xe921 | No error (0) | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 20, 2024 13:28:04.238493919 CET | 1.1.1.1 | 192.168.2.6 | 0xe921 | No error (0) | 34.107.221.82 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:28:11.327290058 CET | 1.1.1.1 | 192.168.2.6 | 0x6953 | No error (0) | 34.120.208.123 | A (IP address) | IN (0x0001) | false | ||
Nov 20, 2024 13:28:44.400401115 CET | 1.1.1.1 | 192.168.2.6 | 0xccd4 | No error (0) | 34.107.243.93 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 50819 | 34.107.221.82 | 80 | 6916 | C:\Program Files\Mozilla Firefox\firefox.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 20, 2024 13:27:14.160459995 CET | 303 | OUT | |
Nov 20, 2024 13:27:14.630160093 CET | 298 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 50830 | 34.107.221.82 | 80 | 6916 | C:\Program Files\Mozilla Firefox\firefox.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 20, 2024 13:27:15.446680069 CET | 305 | OUT | |
Nov 20, 2024 13:27:15.897401094 CET | 216 | IN | |
Nov 20, 2024 13:27:20.827280998 CET | 305 | OUT | |
Nov 20, 2024 13:27:20.922697067 CET | 216 | IN | |
Nov 20, 2024 13:27:23.999021053 CET | 305 | OUT | |
Nov 20, 2024 13:27:24.096065044 CET | 216 | IN | |
Nov 20, 2024 13:27:26.528974056 CET | 305 | OUT | |
Nov 20, 2024 13:27:26.688172102 CET | 216 | IN | |
Nov 20, 2024 13:27:27.238164902 CET | 305 | OUT | |
Nov 20, 2024 13:27:27.348987103 CET | 216 | IN | |
Nov 20, 2024 13:27:27.666857004 CET | 305 | OUT | |
Nov 20, 2024 13:27:27.812417030 CET | 216 | IN | |
Nov 20, 2024 13:27:27.827348948 CET | 305 | OUT | |
Nov 20, 2024 13:27:27.928637028 CET | 216 | IN | |
Nov 20, 2024 13:27:33.389065981 CET | 305 | OUT | |
Nov 20, 2024 13:27:33.485510111 CET | 216 | IN | |
Nov 20, 2024 13:27:41.586481094 CET | 305 | OUT | |
Nov 20, 2024 13:27:41.684730053 CET | 216 | IN | |
Nov 20, 2024 13:27:42.057856083 CET | 305 | OUT | |
Nov 20, 2024 13:27:42.156647921 CET | 216 | IN | |
Nov 20, 2024 13:27:42.625180960 CET | 305 | OUT | |
Nov 20, 2024 13:27:42.720029116 CET | 216 | IN | |
Nov 20, 2024 13:27:43.773956060 CET | 305 | OUT | |
Nov 20, 2024 13:27:43.871100903 CET | 216 | IN | |
Nov 20, 2024 13:27:45.020421982 CET | 305 | OUT | |
Nov 20, 2024 13:27:45.115000963 CET | 216 | IN | |
Nov 20, 2024 13:27:55.131593943 CET | 6 | OUT | |
Nov 20, 2024 13:28:04.335597992 CET | 305 | OUT | |
Nov 20, 2024 13:28:04.430867910 CET | 216 | IN | |
Nov 20, 2024 13:28:12.001837015 CET | 305 | OUT | |
Nov 20, 2024 13:28:12.096877098 CET | 216 | IN | |
Nov 20, 2024 13:28:12.495354891 CET | 305 | OUT | |
Nov 20, 2024 13:28:12.593872070 CET | 216 | IN | |
Nov 20, 2024 13:28:14.239624977 CET | 305 | OUT | |
Nov 20, 2024 13:28:14.396898985 CET | 216 | IN | |
Nov 20, 2024 13:28:24.400264025 CET | 6 | OUT | |
Nov 20, 2024 13:28:34.429017067 CET | 6 | OUT | |
Nov 20, 2024 13:28:44.435678959 CET | 6 | OUT | |
Nov 20, 2024 13:28:44.983392954 CET | 305 | OUT | |
Nov 20, 2024 13:28:45.080324888 CET | 216 | IN | |
Nov 20, 2024 13:28:55.088789940 CET | 6 | OUT | |
Nov 20, 2024 13:29:05.095132113 CET | 6 | OUT | |
Nov 20, 2024 13:29:15.100883007 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 50861 | 34.107.221.82 | 80 | 6916 | C:\Program Files\Mozilla Firefox\firefox.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 20, 2024 13:27:19.724904060 CET | 303 | OUT | |
Nov 20, 2024 13:27:20.188436031 CET | 298 | IN | |
Nov 20, 2024 13:27:20.900402069 CET | 303 | OUT | |
Nov 20, 2024 13:27:20.998538971 CET | 298 | IN | |
Nov 20, 2024 13:27:26.388684988 CET | 303 | OUT | |
Nov 20, 2024 13:27:26.491965055 CET | 298 | IN | |
Nov 20, 2024 13:27:26.977252007 CET | 303 | OUT | |
Nov 20, 2024 13:27:27.075684071 CET | 298 | IN | |
Nov 20, 2024 13:27:27.541522026 CET | 303 | OUT | |
Nov 20, 2024 13:27:27.642220974 CET | 298 | IN | |
Nov 20, 2024 13:27:27.666919947 CET | 303 | OUT | |
Nov 20, 2024 13:27:27.816184044 CET | 298 | IN | |
Nov 20, 2024 13:27:33.164971113 CET | 303 | OUT | |
Nov 20, 2024 13:27:33.267363071 CET | 298 | IN | |
Nov 20, 2024 13:27:41.484143019 CET | 303 | OUT | |
Nov 20, 2024 13:27:41.582417011 CET | 298 | IN | |
Nov 20, 2024 13:27:41.952539921 CET | 303 | OUT | |
Nov 20, 2024 13:27:42.053170919 CET | 298 | IN | |
Nov 20, 2024 13:27:42.498924971 CET | 303 | OUT | |
Nov 20, 2024 13:27:42.620759964 CET | 298 | IN | |
Nov 20, 2024 13:27:43.671966076 CET | 303 | OUT | |
Nov 20, 2024 13:27:43.770255089 CET | 298 | IN | |
Nov 20, 2024 13:27:44.917608023 CET | 303 | OUT | |
Nov 20, 2024 13:27:45.016253948 CET | 298 | IN | |
Nov 20, 2024 13:27:55.031267881 CET | 6 | OUT | |
Nov 20, 2024 13:28:04.231230974 CET | 303 | OUT | |
Nov 20, 2024 13:28:04.331671953 CET | 298 | IN | |
Nov 20, 2024 13:28:11.888331890 CET | 303 | OUT | |
Nov 20, 2024 13:28:11.987001896 CET | 298 | IN | |
Nov 20, 2024 13:28:12.334785938 CET | 303 | OUT | |
Nov 20, 2024 13:28:12.433439970 CET | 298 | IN | |
Nov 20, 2024 13:28:14.133789062 CET | 303 | OUT | |
Nov 20, 2024 13:28:14.231965065 CET | 298 | IN | |
Nov 20, 2024 13:28:24.246583939 CET | 6 | OUT | |
Nov 20, 2024 13:28:34.259737015 CET | 6 | OUT | |
Nov 20, 2024 13:28:44.272914886 CET | 6 | OUT | |
Nov 20, 2024 13:28:44.880534887 CET | 303 | OUT | |
Nov 20, 2024 13:28:44.979408979 CET | 298 | IN | |
Nov 20, 2024 13:28:54.988507032 CET | 6 | OUT | |
Nov 20, 2024 13:29:04.994741917 CET | 6 | OUT | |
Nov 20, 2024 13:29:15.016215086 CET | 6 | OUT |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 07:27:05 |
Start date: | 20/11/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x820000 |
File size: | 922'112 bytes |
MD5 hash: | E0B2866C4C2494645E94B5EF38B9ACB8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 07:27:06 |
Start date: | 20/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x50000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 07:27:06 |
Start date: | 20/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 07:27:08 |
Start date: | 20/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x50000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 07:27:08 |
Start date: | 20/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 07:27:08 |
Start date: | 20/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x50000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 07:27:08 |
Start date: | 20/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 07:27:08 |
Start date: | 20/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x50000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 07:27:08 |
Start date: | 20/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 07:27:08 |
Start date: | 20/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x50000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 07:27:08 |
Start date: | 20/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 07:27:09 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 07:27:09 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 07:27:09 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 16 |
Start time: | 07:27:10 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 18 |
Start time: | 07:27:11 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 20 |
Start time: | 07:27:24 |
Start date: | 20/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Execution Graph
Execution Coverage: | 2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 4.3% |
Total number of Nodes: | 1555 |
Total number of Limit Nodes: | 53 |
Graph
Function 008242DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088D4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0082D730 Relevance: 21.6, APIs: 14, Instructions: 618windowsleeptimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00822CD4 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 53windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0086065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0082344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00822B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00823170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00823B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00823923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00823837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00824ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00858402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0084E602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00854C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00853820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00824F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B2A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008230F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00822DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00822B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00821CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B9576 Relevance: 74.1, APIs: 39, Strings: 3, Instructions: 625windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B4873 Relevance: 61.8, APIs: 33, Strings: 2, Instructions: 566windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0083F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00899642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00898195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088D076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089ED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088E8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0085B952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088D3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A22DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00899B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0083997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B1C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00828060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00888298 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 568stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00895C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008951CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008816C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088D5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0084CAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008968EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008937B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008810BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0082CAF0 Relevance: 1.9, Strings: 1, Instructions: 659COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0083B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008409D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0084781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00856DD9 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0083CC39 Relevance: .6, Instructions: 635COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00827920 Relevance: .6, Instructions: 563COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008291C0 Relevance: .5, Instructions: 475COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00859EEE Relevance: .3, Instructions: 294COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00847A4A Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00847CA7 Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00892046 Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A2ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B70D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A2711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B0FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B0241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00838891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008AC3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089FE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B6CD9 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 194windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B911E Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A3FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0082326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00838BCD Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 168timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089C476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008914BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008AB60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B8D0E Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B541D Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 191windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088BF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B3A23 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 182windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008ACC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00893D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088E6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00885CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B50D4 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 162windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008896E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008806DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B3C46 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 101windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B3F98 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A3C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00897A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B9F86 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 260windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B8B02 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 149windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088BC5E Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 137windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881FC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 77windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00852C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B7E9E Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 193windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00825BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B2DFD Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 99windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089C253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0085CE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008825A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088C5D0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 191windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B3886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B81DB Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088C874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088DE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088ED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0083F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B2D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00885622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00861522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00891187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0083948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0085542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B6B76 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 131windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088CF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B3D7C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 101windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00887726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008877FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008904D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008905A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B40AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088DA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00825D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008501B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008561FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0087F7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0083920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008907EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00884C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008814CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B8A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008851FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00877439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088C27D Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 114windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B52C1 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B7674 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 102windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B4653 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 87windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B8FC9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B2F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00844D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0087D3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00824E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00824E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00892947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008AA387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00888BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00898AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00893874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B5706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A0930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0085CDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00839639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00885711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088E97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008810F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00880FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008522A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008395C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00850F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00882716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B4537 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 95windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B3EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B37B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B41EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00882F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B5882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B7803 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00853E80 Relevance: 6.3, APIs: 4, Instructions: 305COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008A342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00880436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0085B41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008956D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B16DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088DF95 Relevance: 6.1, APIs: 4, Instructions: 87COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088D2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B2782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008878F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B7CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B5660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00851D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088E1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0084D1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B9EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0082600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00853073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088B0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B7E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B8863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008398B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0088162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0087D858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0087D86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00894D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0083F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089D0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B31EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B32A6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B6181 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0089CD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B3429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B4F80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00881D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B90A1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00880B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B2322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 008B2356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Execution Graph
Execution Coverage: | 0.4% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 100% |
Total number of Nodes: | 6 |
Total number of Limit Nodes: | 0 |
Graph
Callgraph
Function 000001D32A1DAEF2 Relevance: 26.1, APIs: 1, Strings: 10, Instructions: 6826nativeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|