Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 6276 cmdline:
"C:\Users\ user\Deskt op\file.ex e" MD5: A946E9443C4FBB7CBFBCA8667C099696) - taskkill.exe (PID: 6640 cmdline:
taskkill / F /IM fire fox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 3300 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - taskkill.exe (PID: 1816 cmdline:
taskkill / F /IM chro me.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 1016 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - taskkill.exe (PID: 1208 cmdline:
taskkill / F /IM msed ge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 6220 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - taskkill.exe (PID: 6312 cmdline:
taskkill / F /IM oper a.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 4256 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - taskkill.exe (PID: 5728 cmdline:
taskkill / F /IM brav e.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - conhost.exe (PID: 2144 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - firefox.exe (PID: 6292 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" --k iosk "http s://youtub e.com/acco unt?=https ://account s.google.c om/v3/sign in/challen ge/pwd" -- no-default -browser-c heck --dis able-popup -blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
- firefox.exe (PID: 6972 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" --k iosk https ://youtube .com/accou nt?=https: //accounts .google.co m/v3/signi n/challeng e/pwd --no -default-b rowser-che ck --disab le-popup-b locking -- attempting -deelevati on MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) - firefox.exe (PID: 4540 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" --k iosk https ://youtube .com/accou nt?=https: //accounts .google.co m/v3/signi n/challeng e/pwd --no -default-b rowser-che ck --disab le-popup-b locking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) - firefox.exe (PID: 3192 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -co ntentproc --channel= 2280 -pare ntBuildID 2023092723 2528 -pref sHandle 22 20 -prefMa pHandle 22 16 -prefsL en 25250 - prefMapSiz e 238690 - win32kLock edDown -ap pDir "C:\P rogram Fil es\Mozilla Firefox\b rowser" - {7c3f1fe9- 29b5-44a7- 92d0-ccc1c f2e6846} 4 540 "\\.\p ipe\gecko- crash-serv er-pipe.45 40" 1f2b92 6f310 sock et MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) - firefox.exe (PID: 7624 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -co ntentproc --channel= 3424 -pare ntBuildID 2023092723 2528 -pref sHandle 36 56 -prefMa pHandle 34 16 -prefsL en 26265 - prefMapSiz e 238690 - appDir "C: \Program F iles\Mozil la Firefox \browser" - {c194599 7-5213-478 c-a830-2ce a8a37ed43} 4540 "\\. \pipe\geck o-crash-se rver-pipe. 4540" 1f2c b764f10 rd d MD5: C86B1BE9ED6496FE0E0CBE73F81D8045) - firefox.exe (PID: 7240 cmdline:
"C:\Progra m Files\Mo zilla Fire fox\firefo x.exe" -co ntentproc --channel= 5080 -pare ntBuildID 2023092723 2528 -sand boxingKind 0 -prefsH andle 5072 -prefMapH andle 5068 -prefsLen 33076 -pr efMapSize 238690 -wi n32kLocked Down -appD ir "C:\Pro gram Files \Mozilla F irefox\bro wser" - {5 26b2fdc-0c 3a-45ce-a3 ce-77acb2c 614cf} 454 0 "\\.\pip e\gecko-cr ash-server -pipe.4540 " 1f2d1852 510 utilit y MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
Click to jump to signature section
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_006EDBBE | |
Source: | Code function: | 0_2_006BC2A2 | |
Source: | Code function: | 0_2_006F68EE | |
Source: | Code function: | 0_2_006F698F | |
Source: | Code function: | 0_2_006ED076 | |
Source: | Code function: | 0_2_006ED3A9 | |
Source: | Code function: | 0_2_006F9642 | |
Source: | Code function: | 0_2_006F979D | |
Source: | Code function: | 0_2_006F9B2B | |
Source: | Code function: | 0_2_006F5C97 |
Source: | Memory has grown: |
Source: | Network traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | Code function: | 0_2_006FCE44 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_006FEAFF |
Source: | Code function: | 0_2_006FED6A |
Source: | Code function: | 0_2_006FEAFF |
Source: | Code function: | 0_2_006EAA57 |
Source: | Code function: | 0_2_00719576 |
System Summary |
---|
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | memstr_e35496c5-1 | |
Source: | String found in binary or memory: | memstr_43972e02-d | |
Source: | String found in binary or memory: | memstr_819a9030-5 | |
Source: | String found in binary or memory: | memstr_4e545efa-e |
Source: | Code function: | 18_2_000001F20E1621F2 | |
Source: | Code function: | 18_2_000001F20E1726F7 |
Source: | Code function: | 0_2_006ED5EB |
Source: | Code function: | 0_2_006E1201 |
Source: | Code function: | 0_2_006EE8F6 |
Source: | Code function: | 0_2_0068BF40 | |
Source: | Code function: | 0_2_00688060 | |
Source: | Code function: | 0_2_006F2046 | |
Source: | Code function: | 0_2_006E8298 | |
Source: | Code function: | 0_2_006BE4FF | |
Source: | Code function: | 0_2_006B676B | |
Source: | Code function: | 0_2_00714873 | |
Source: | Code function: | 0_2_0068CAF0 | |
Source: | Code function: | 0_2_006ACAA0 | |
Source: | Code function: | 0_2_0069CC39 | |
Source: | Code function: | 0_2_006B6DD9 | |
Source: | Code function: | 0_2_0069D07D | |
Source: | Code function: | 0_2_0069B119 | |
Source: | Code function: | 0_2_006891C0 | |
Source: | Code function: | 0_2_006A1394 | |
Source: | Code function: | 0_2_006A781B | |
Source: | Code function: | 0_2_0069997D | |
Source: | Code function: | 0_2_00687920 | |
Source: | Code function: | 0_2_006A7A4A | |
Source: | Code function: | 0_2_006A7CA7 | |
Source: | Code function: | 0_2_0070BE44 | |
Source: | Code function: | 0_2_006B9EEE | |
Source: | Code function: | 18_2_000001F20E1621F2 | |
Source: | Code function: | 18_2_000001F20E162232 | |
Source: | Code function: | 18_2_000001F20E16291C | |
Source: | Code function: | 18_2_000001F20E1726F7 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_006F37B5 |
Source: | Code function: | 0_2_006E10BF | |
Source: | Code function: | 0_2_006E16C3 |
Source: | Code function: | 0_2_006F51CD |
Source: | Code function: | 0_2_006ED4DC |
Source: | Code function: | 0_2_006F648E |
Source: | Code function: | 0_2_006842A2 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Window detected: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_006842DE |
Source: | Static PE information: |
Source: | Code function: | 0_2_006A22FC | |
Source: | Code function: | 0_2_006A0A89 |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Code function: | 0_2_0069F98E | |
Source: | Code function: | 0_2_00711C41 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-95171 |
Source: | Code function: | 18_2_000001F20E1621F2 |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 0_2_006EDBBE | |
Source: | Code function: | 0_2_006BC2A2 | |
Source: | Code function: | 0_2_006F68EE | |
Source: | Code function: | 0_2_006F698F | |
Source: | Code function: | 0_2_006ED076 | |
Source: | Code function: | 0_2_006ED3A9 | |
Source: | Code function: | 0_2_006F9642 | |
Source: | Code function: | 0_2_006F979D | |
Source: | Code function: | 0_2_006F9B2B | |
Source: | Code function: | 0_2_006F5C97 |
Source: | Code function: | 0_2_006842DE |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 18_2_000001F20E1621F2 |
Source: | Code function: | 0_2_006FEAA2 |
Source: | Code function: | 0_2_006B2622 |
Source: | Code function: | 0_2_006842DE |
Source: | Code function: | 0_2_006A4CE8 |
Source: | Code function: | 0_2_006E0B62 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_006B2622 | |
Source: | Code function: | 0_2_006A083F | |
Source: | Code function: | 0_2_006A09D5 | |
Source: | Code function: | 0_2_006A0C21 |
Source: | Code function: | 0_2_006E1201 |
Source: | Code function: | 0_2_006C2BA5 |
Source: | Code function: | 0_2_006EB226 |
Source: | Code function: | 0_2_007022DA |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_006E0B62 |
Source: | Code function: | 0_2_006E1663 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 0_2_006A0698 |
Source: | Code function: | 0_2_006F8195 |
Source: | Code function: | 0_2_006DD27A |
Source: | Code function: | 0_2_006BB952 |
Source: | Code function: | 0_2_006842DE |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Remote Access Functionality |
---|
Source: | File source: |
Source: | Code function: | 0_2_00701204 | |
Source: | Code function: | 0_2_00701806 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 2 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 12 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 1 DLL Side-Loading | NTDS | 16 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 Extra Window Memory Injection | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 2 Process Injection | 1 Masquerading | Cached Domain Credentials | 11 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 2 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | ReversingLabs | Win32.Trojan.AutoitInject | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
example.org | 93.184.215.14 | true | false | high | |
star-mini.c10r.facebook.com | 157.240.251.35 | true | false | high | |
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | high | |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | high | |
twitter.com | 104.244.42.129 | true | false | high | |
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | high | |
services.addons.mozilla.org | 151.101.65.91 | true | false | high | |
dyna.wikimedia.org | 185.15.59.224 | true | false | high | |
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | high | |
contile.services.mozilla.com | 34.117.188.166 | true | false | high | |
youtube.com | 142.250.184.238 | true | false | high | |
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | high | |
youtube-ui.l.google.com | 142.250.184.238 | true | false | high | |
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | high | |
reddit.map.fastly.net | 151.101.193.140 | true | false | high | |
ipv4only.arpa | 192.0.0.171 | true | false | high | |
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | high | |
push.services.mozilla.com | 34.107.243.93 | true | false | high | |
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | high | |
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | high | |
www.reddit.com | unknown | unknown | false | high | |
spocs.getpocket.com | unknown | unknown | false | high | |
content-signature-2.cdn.mozilla.net | unknown | unknown | false | high | |
support.mozilla.org | unknown | unknown | false | high | |
firefox.settings.services.mozilla.com | unknown | unknown | false | high | |
www.youtube.com | unknown | unknown | false | high | |
www.facebook.com | unknown | unknown | false | high | |
detectportal.firefox.com | unknown | unknown | false | high | |
normandy.cdn.mozilla.net | unknown | unknown | false | high | |
shavar.services.mozilla.com | unknown | unknown | false | high | |
www.wikipedia.org | unknown | unknown | false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false | |
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false | |
151.101.65.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false | |
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false | |
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false | |
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false | |
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false | |
142.250.184.238 | youtube.com | United States | 15169 | GOOGLEUS | false | |
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false | |
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false | |
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
127.0.0.1 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1560053 |
Start date and time: | 2024-11-21 11:02:06 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal72.troj.evad.winEXE@34/34@66/12 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 184.28.90.27, 52.12.64.98, 35.164.125.63, 35.80.238.59, 2.22.61.56, 2.22.61.59, 172.217.23.110, 142.250.185.138, 142.250.185.234, 142.250.185.110
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, e16604.g.akamaiedge.net, safebrowsing.googleapis.com, prod.fs.microsoft.com.akadns.net, location.services.mozilla.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtOpenFile calls found.
- VT rate limit hit for: file.exe
Time | Type | Description |
---|---|---|
05:03:18 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
34.117.188.166 | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
34.149.100.209 | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
34.160.144.191 | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
151.101.65.91 | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
example.org | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
star-mini.c10r.facebook.com | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
twitter.com | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Clipboard Hijacker, Cryptbot | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
ATGS-MMD-ASUS | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
FASTLYUS | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | HtmlDropper | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
ATGS-MMD-ASUS | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
fb0aa01abe9d8e4037eb3473ca6e2dca | Get hash | malicious | Credential Flusher | Browse |
| |
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
| ||
Get hash | malicious | Credential Flusher | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse |
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_0cc711e2-b902-445a-b40a-cdeae78a6349.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7946 |
Entropy (8bit): | 5.180306078831364 |
Encrypted: | false |
SSDEEP: | 192:U/BMXZVOcbhbVbTbfbRbObtbyEl7nUrWJA6unSrDtTkdxSofTL:2imcNhnzFSJ0rV1nSrDhkdxT |
MD5: | B5D131BCD385C2471D9F4598263C99AF |
SHA1: | F78B2145D93741D56F6A6356E45ACFEEC4BDA8A4 |
SHA-256: | 1D34B7E00C0AD1A1967FB784E4825609C1072920CBA2F0E5B5FBBB8593E8E4CE |
SHA-512: | 439866C5B68EF82597BBC66A630B2D2B60F6732338D6308379B8D1378673F32EC8211754E94536C0D8F1EC14194BED43488946C3258B65B20D50342B14D2BE50 |
Malicious: | false |
Preview: |
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_0cc711e2-b902-445a-b40a-cdeae78a6349.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7946 |
Entropy (8bit): | 5.180306078831364 |
Encrypted: | false |
SSDEEP: | 192:U/BMXZVOcbhbVbTbfbRbObtbyEl7nUrWJA6unSrDtTkdxSofTL:2imcNhnzFSJ0rV1nSrDhkdxT |
MD5: | B5D131BCD385C2471D9F4598263C99AF |
SHA1: | F78B2145D93741D56F6A6356E45ACFEEC4BDA8A4 |
SHA-256: | 1D34B7E00C0AD1A1967FB784E4825609C1072920CBA2F0E5B5FBBB8593E8E4CE |
SHA-512: | 439866C5B68EF82597BBC66A630B2D2B60F6732338D6308379B8D1378673F32EC8211754E94536C0D8F1EC14194BED43488946C3258B65B20D50342B14D2BE50 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.4593089050301797 |
Encrypted: | false |
SSDEEP: | 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L |
MD5: | D910AD167F0217587501FDCDB33CC544 |
SHA1: | 2F57441CEFDC781011B53C1C5D29AC54835AFC1D |
SHA-256: | E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81 |
SHA-512: | F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 453023 |
Entropy (8bit): | 7.997718157581587 |
Encrypted: | true |
SSDEEP: | 12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3 |
MD5: | 85430BAED3398695717B0263807CF97C |
SHA1: | FFFBEE923CEA216F50FCE5D54219A188A5100F41 |
SHA-256: | A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E |
SHA-512: | 06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4419 |
Entropy (8bit): | 4.932579562452597 |
Encrypted: | false |
SSDEEP: | 96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLSgXK8P:gXiNFS+OcUGOdwiOdwBjkYLLXK8P |
MD5: | 1FAAD89F08F7DA07EBADE1A0C6C7378F |
SHA1: | D46C306D13B5B6EE9A0A6CEC1294ADB8814589F2 |
SHA-256: | AD3B2F1A1AD9F9DC38E86C04682F9DE8765B93C8C22A5B6B2BDCC1821E95A0D2 |
SHA-512: | 2A18B9DF1900EE39700876BB169D3CFE40E86F9A9265433FCF51FB8B342BFAD47ACE6BB0FBD0F11EFF31F88D4A71D82344CF0046E37F0F319C8E64DDFDA7B8A6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\ExperimentStoreData.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4419 |
Entropy (8bit): | 4.932579562452597 |
Encrypted: | false |
SSDEEP: | 96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLSgXK8P:gXiNFS+OcUGOdwiOdwBjkYLLXK8P |
MD5: | 1FAAD89F08F7DA07EBADE1A0C6C7378F |
SHA1: | D46C306D13B5B6EE9A0A6CEC1294ADB8814589F2 |
SHA-256: | AD3B2F1A1AD9F9DC38E86C04682F9DE8765B93C8C22A5B6B2BDCC1821E95A0D2 |
SHA-512: | 2A18B9DF1900EE39700876BB169D3CFE40E86F9A9265433FCF51FB8B342BFAD47ACE6BB0FBD0F11EFF31F88D4A71D82344CF0046E37F0F319C8E64DDFDA7B8A6 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4 (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6071 |
Entropy (8bit): | 6.61263436125208 |
Encrypted: | false |
SSDEEP: | 96:72YbKsKNU2xWrp327tGmD4wBON6hCY9rI7hlSAJVrfzjZXjkTndS12opTaM:7Tx2x2t0FDJ4NF6ILDfzjtedh6TX |
MD5: | FD36D36BC5077FC3D16CD68CC7FFC65A |
SHA1: | 2111D7339EA8F94FC7F4F8E2964ABDBE6198F90B |
SHA-256: | 3A65636ABBCBF9BC2447FEA1BCE9BFC0E6DACD10D5721D21D670A537FFF0D545 |
SHA-512: | 074547A0C2D572BA22D27A4EC3A0957C27B72E732D0ED37501C30A9657CAD258584819D3A92215B52638888D9FC0682E871F454B0ECBFC75373CBAE38DA4D656 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addonStartup.json.lz4.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6071 |
Entropy (8bit): | 6.61263436125208 |
Encrypted: | false |
SSDEEP: | 96:72YbKsKNU2xWrp327tGmD4wBON6hCY9rI7hlSAJVrfzjZXjkTndS12opTaM:7Tx2x2t0FDJ4NF6ILDfzjtedh6TX |
MD5: | FD36D36BC5077FC3D16CD68CC7FFC65A |
SHA1: | 2111D7339EA8F94FC7F4F8E2964ABDBE6198F90B |
SHA-256: | 3A65636ABBCBF9BC2447FEA1BCE9BFC0E6DACD10D5721D21D670A537FFF0D545 |
SHA-512: | 074547A0C2D572BA22D27A4EC3A0957C27B72E732D0ED37501C30A9657CAD258584819D3A92215B52638888D9FC0682E871F454B0ECBFC75373CBAE38DA4D656 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.91829583405449 |
Encrypted: | false |
SSDEEP: | 3:YWGifTJE6iHQ:YWGif9EE |
MD5: | 3088F0272D29FAA42ED452C5E8120B08 |
SHA1: | C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23 |
SHA-256: | D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06 |
SHA-512: | B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\addons.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24 |
Entropy (8bit): | 3.91829583405449 |
Encrypted: | false |
SSDEEP: | 3:YWGifTJE6iHQ:YWGif9EE |
MD5: | 3088F0272D29FAA42ED452C5E8120B08 |
SHA1: | C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23 |
SHA-256: | D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06 |
SHA-512: | B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\content-prefs.sqlite
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 262144 |
Entropy (8bit): | 0.04905141882491872 |
Encrypted: | false |
SSDEEP: | 24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5 |
MD5: | 8736A542C5564A922C47B19D9CC5E0F2 |
SHA1: | CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A |
SHA-256: | 97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077 |
SHA-512: | 99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\store.json.mozlz4 (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 4.837595020998689 |
Encrypted: | false |
SSDEEP: | 3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt |
MD5: | A6338865EB252D0EF8FCF11FA9AF3F0D |
SHA1: | CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3 |
SHA-256: | 078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965 |
SHA-512: | D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\crashes\store.json.mozlz4.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 66 |
Entropy (8bit): | 4.837595020998689 |
Encrypted: | false |
SSDEEP: | 3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt |
MD5: | A6338865EB252D0EF8FCF11FA9AF3F0D |
SHA1: | CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3 |
SHA-256: | 078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965 |
SHA-512: | D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36830 |
Entropy (8bit): | 5.185052013683835 |
Encrypted: | false |
SSDEEP: | 768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3 |
MD5: | 10E2D85FEF0DB266E519048D63617FA8 |
SHA1: | EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0 |
SHA-256: | 92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E |
SHA-512: | 164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\extensions.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36830 |
Entropy (8bit): | 5.185052013683835 |
Encrypted: | false |
SSDEEP: | 768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3 |
MD5: | 10E2D85FEF0DB266E519048D63617FA8 |
SHA1: | EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0 |
SHA-256: | 92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E |
SHA-512: | 164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\favicons.sqlite-shm
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.017262956703125623 |
Encrypted: | false |
SSDEEP: | 3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX |
MD5: | B7C14EC6110FA820CA6B65F5AEC85911 |
SHA1: | 608EEB7488042453C9CA40F7E1398FC1A270F3F4 |
SHA-256: | FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB |
SHA-512: | D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1021904 |
Entropy (8bit): | 6.648417932394748 |
Encrypted: | false |
SSDEEP: | 12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x |
MD5: | FE3355639648C417E8307C6D051E3E37 |
SHA1: | F54602D4B4778DA21BC97C7238FC66AA68C8EE34 |
SHA-256: | 1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E |
SHA-512: | 8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1021904 |
Entropy (8bit): | 6.648417932394748 |
Encrypted: | false |
SSDEEP: | 12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x |
MD5: | FE3355639648C417E8307C6D051E3E37 |
SHA1: | F54602D4B4778DA21BC97C7238FC66AA68C8EE34 |
SHA-256: | 1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E |
SHA-512: | 8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C |
Malicious: | false |
Antivirus: |
|
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 116 |
Entropy (8bit): | 4.968220104601006 |
Encrypted: | false |
SSDEEP: | 3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn |
MD5: | 3D33CDC0B3D281E67DD52E14435DD04F |
SHA1: | 4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB |
SHA-256: | F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B |
SHA-512: | A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 116 |
Entropy (8bit): | 4.968220104601006 |
Encrypted: | false |
SSDEEP: | 3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn |
MD5: | 3D33CDC0B3D281E67DD52E14435DD04F |
SHA1: | 4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB |
SHA-256: | F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B |
SHA-512: | A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\permissions.sqlite
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 98304 |
Entropy (8bit): | 0.07322372386383841 |
Encrypted: | false |
SSDEEP: | 12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiR2l:DLhesh7Owd4+jiRC |
MD5: | 194A33EAA45179D867C872C0DFFE4B6A |
SHA1: | 8AF352125413FC66CDC489D9C3EC16CBAC832ED7 |
SHA-256: | 69DED5924CA67FF4C9E232E703D3DD5893B4C4856ACC84827339EA7510EEAC57 |
SHA-512: | 9EEDE5CCF84C59B19455C69D6312FB8DE77D2F8432F9F30602AB5FDD55706F9A5F07703D6B9D1BB81703C042B571D10CBB797721F05B637F7DC4D346AB8BF11D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-shm
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.035699946889726504 |
Encrypted: | false |
SSDEEP: | 3:GtlstF/7p6/nAYIg3lstF/7p6/nAYIlT89//alEl:GtWtSZWtS089XuM |
MD5: | 0E4A905830714919614C635335C6487E |
SHA1: | 63172FC2A90BA90718163AEE4CE7615FB6C5A1CE |
SHA-256: | E1C38EC89D2E6242292B0300DBD9319BF9B7AD7375C55D3F7EB8AF85A58F2065 |
SHA-512: | 202E461A61D38F6CEDCC7BC24059058FAA3C5718C995CC3CC80BBC4C2946AB6E36DF26514C9B407DA6A1F4DF5494AF2A5BEEE0EE3F414C5477020E3A67AABD8D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite-wal
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32824 |
Entropy (8bit): | 0.034878162048718665 |
Encrypted: | false |
SSDEEP: | 3:Ol1EaOCXf3iMxVZlZSrV//mwl8XW3R2:KOaOMHlspuw93w |
MD5: | A0AD85F198D3B29C94DDAA0450B144A7 |
SHA1: | 57833C75BCD9AD0C9D0076E58E1E028C7CE65283 |
SHA-256: | 92D20D067159AEF18631897A859C92E8CD50CAAF9FD967B18AFAB0F18B6691F3 |
SHA-512: | 2160EB022A2B59A66E4D7B96C8B7B825B9B6B0D25D5FED10AFAC8133C5BA718A686244547AEB1376D81B702686FAB4E2C6631602FCBE4B18DF82D51D9D6EB193 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs-1.js
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14081 |
Entropy (8bit): | 5.466969688775189 |
Encrypted: | false |
SSDEEP: | 192:lnTFTRRUYbBp6+LZNMGaXl6qU4KKzy+/3/7Lv15RYiNBw8djSl:FKenFNMAlayCldwY0 |
MD5: | 2E1EC45BC29689CACD2E3E2DC8C94C0E |
SHA1: | 8626AD7A8FF6DE6FDD7E8A521CF8B59B0E4BD432 |
SHA-256: | 6B63639A3B7AA647F85B04CE3373D4CDACAD76E1FE970C65AB333B29177A93D1 |
SHA-512: | 338CC72892C47BA6A0F864E2E684A0A4DFDBA3E26C4823E022E72DD6B6A374142C37F7B63D2849F280EAFE8C3A621181178AE10E5BE811473281389B113773CB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14081 |
Entropy (8bit): | 5.466969688775189 |
Encrypted: | false |
SSDEEP: | 192:lnTFTRRUYbBp6+LZNMGaXl6qU4KKzy+/3/7Lv15RYiNBw8djSl:FKenFNMAlayCldwY0 |
MD5: | 2E1EC45BC29689CACD2E3E2DC8C94C0E |
SHA1: | 8626AD7A8FF6DE6FDD7E8A521CF8B59B0E4BD432 |
SHA-256: | 6B63639A3B7AA647F85B04CE3373D4CDACAD76E1FE970C65AB333B29177A93D1 |
SHA-512: | 338CC72892C47BA6A0F864E2E684A0A4DFDBA3E26C4823E022E72DD6B6A374142C37F7B63D2849F280EAFE8C3A621181178AE10E5BE811473281389B113773CB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\protections.sqlite
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.04062825861060003 |
Encrypted: | false |
SSDEEP: | 3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l |
MD5: | 60C09456D6362C6FBED48C69AA342C3C |
SHA1: | 58B6E22DAA48C75958B429F662DEC1C011AE74D3 |
SHA-256: | FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389 |
SHA-512: | 936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 90 |
Entropy (8bit): | 4.194538242412464 |
Encrypted: | false |
SSDEEP: | 3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr |
MD5: | C4AB2EE59CA41B6D6A6EA911F35BDC00 |
SHA1: | 5942CD6505FC8A9DABA403B082067E1CDEFDFBC4 |
SHA-256: | 00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2 |
SHA-512: | 71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionCheckpoints.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 90 |
Entropy (8bit): | 4.194538242412464 |
Encrypted: | false |
SSDEEP: | 3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr |
MD5: | C4AB2EE59CA41B6D6A6EA911F35BDC00 |
SHA1: | 5942CD6505FC8A9DABA403B082067E1CDEFDFBC4 |
SHA-256: | 00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2 |
SHA-512: | 71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\recovery.baklz4 (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1571 |
Entropy (8bit): | 6.340355957316318 |
Encrypted: | false |
SSDEEP: | 24:v+USUGlcAxS7qLXnIgj/pnxQwRlszT5sKL003eHVvwKXTramhujJmyOOxmOmaoRL:GUpOxkqVnR6N3eNwCTr4JNKRhx |
MD5: | 17C0C08AC443007F2E672014A64C80F8 |
SHA1: | F630BAE0885993CFF4768C61A8F5A0123ED69334 |
SHA-256: | DCA78D595A73AF0FD38FBDABAD432A0DAA490E4B9CF0CA4635B4A0539EDD6290 |
SHA-512: | 394B598429B2B3953B1B0436613C4338D4335E417E207C1639F61E35E10BDAF5E8286165340741BCFD58CEDAEB3267ACAD3E568E834D8CB323F4064F3ABF556F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\recovery.jsonlz4 (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1571 |
Entropy (8bit): | 6.340355957316318 |
Encrypted: | false |
SSDEEP: | 24:v+USUGlcAxS7qLXnIgj/pnxQwRlszT5sKL003eHVvwKXTramhujJmyOOxmOmaoRL:GUpOxkqVnR6N3eNwCTr4JNKRhx |
MD5: | 17C0C08AC443007F2E672014A64C80F8 |
SHA1: | F630BAE0885993CFF4768C61A8F5A0123ED69334 |
SHA-256: | DCA78D595A73AF0FD38FBDABAD432A0DAA490E4B9CF0CA4635B4A0539EDD6290 |
SHA-512: | 394B598429B2B3953B1B0436613C4338D4335E417E207C1639F61E35E10BDAF5E8286165340741BCFD58CEDAEB3267ACAD3E568E834D8CB323F4064F3ABF556F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\sessionstore-backups\recovery.jsonlz4.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1571 |
Entropy (8bit): | 6.340355957316318 |
Encrypted: | false |
SSDEEP: | 24:v+USUGlcAxS7qLXnIgj/pnxQwRlszT5sKL003eHVvwKXTramhujJmyOOxmOmaoRL:GUpOxkqVnR6N3eNwCTr4JNKRhx |
MD5: | 17C0C08AC443007F2E672014A64C80F8 |
SHA1: | F630BAE0885993CFF4768C61A8F5A0123ED69334 |
SHA-256: | DCA78D595A73AF0FD38FBDABAD432A0DAA490E4B9CF0CA4635B4A0539EDD6290 |
SHA-512: | 394B598429B2B3953B1B0436613C4338D4335E417E207C1639F61E35E10BDAF5E8286165340741BCFD58CEDAEB3267ACAD3E568E834D8CB323F4064F3ABF556F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\storage.sqlite
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 2.042811512334329 |
Encrypted: | false |
SSDEEP: | 24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl |
MD5: | 21235938025E2102017AC8C9748948A4 |
SHA1: | A1EED1C4588724A8396C95FC9923C0A33B360FF8 |
SHA-256: | E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E |
SHA-512: | D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.json (copy)
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4411 |
Entropy (8bit): | 5.009414726389773 |
Encrypted: | false |
SSDEEP: | 48:YrSAYzHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:yczCTEr5NfJzzcBvbw6Kkvrc2Rn27 |
MD5: | 6A34F62168E09D05972319B4F18BEDEF |
SHA1: | 89596CBDCE2BA093DB1DB71F04ED8AD3A2280205 |
SHA-256: | F44F5467C9024A651C80D41E5E4613B6070821F68B74A0B5930E992D520B1916 |
SHA-512: | 5E8124A09F4013F42728ACEAE8702B53C9C1DFE4408C1D8152B6CD2723E04346D429535E710DC18CC4A3D8598B6236DB41DE26972D1E61B96F29440B47E9FDB2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\targeting.snapshot.json.tmp
Download File
Process: | C:\Program Files\Mozilla Firefox\firefox.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4411 |
Entropy (8bit): | 5.009414726389773 |
Encrypted: | false |
SSDEEP: | 48:YrSAYzHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyJFde:yczCTEr5NfJzzcBvbw6Kkvrc2Rn27 |
MD5: | 6A34F62168E09D05972319B4F18BEDEF |
SHA1: | 89596CBDCE2BA093DB1DB71F04ED8AD3A2280205 |
SHA-256: | F44F5467C9024A651C80D41E5E4613B6070821F68B74A0B5930E992D520B1916 |
SHA-512: | 5E8124A09F4013F42728ACEAE8702B53C9C1DFE4408C1D8152B6CD2723E04346D429535E710DC18CC4A3D8598B6236DB41DE26972D1E61B96F29440B47E9FDB2 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.592451572635273 |
TrID: |
|
File name: | file.exe |
File size: | 922'624 bytes |
MD5: | a946e9443c4fbb7cbfbca8667c099696 |
SHA1: | 85a6507e2ff6ed26724ca6dce2842b33dd97ef8e |
SHA256: | e85069cf3df6f629435808fa11dc054609e3de054c12314a4bb87a8ea3e853ad |
SHA512: | bbfa6b31b192bbeae2a13daa8ef41537a604faa7395c762ccf3eac00b6c82ffffc6c943e67127a7d41bfb591a555aac26dcbae96baef01d0716f595bac496da9 |
SSDEEP: | 24576:iqDEvCTbMWu7rQYlBQcBiT6rprG8aob4:iTvC/MTQYxsWR7ao |
TLSH: | 4B159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | aaf3e3e3938382a0 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x673F01FE [Thu Nov 21 09:48:46 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Instruction |
---|
call 00007F18C4E831A3h |
jmp 00007F18C4E82AAFh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F18C4E82C8Dh |
mov dword ptr [esi], 0049FDF0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FDF8h |
mov dword ptr [ecx], 0049FDF0h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F18C4E82C5Ah |
mov dword ptr [esi], 0049FE0Ch |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FE14h |
mov dword ptr [ecx], 0049FE0Ch |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
and dword ptr [eax], 00000000h |
and dword ptr [eax+04h], 00000000h |
push eax |
mov eax, dword ptr [ebp+08h] |
add eax, 04h |
push eax |
call 00007F18C4E8584Dh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 0049FDD0h |
push eax |
call 00007F18C4E85898h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
push eax |
call 00007F18C4E85881h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0xa838 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xdf000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0xa838 | 0xaa00 | 4e42c9e65ff8d2babb4e82fa12d417ea | False | 0.36808363970588237 | data | 5.652114541511596 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xdf000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xdc7b8 | 0x1b00 | data | 1.0015914351851851 | ||
RT_GROUP_ICON | 0xde2b8 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
RT_GROUP_ICON | 0xde330 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xde344 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0xde358 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0xde36c | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0xde448 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 21, 2024 11:03:17.084860086 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:17.085374117 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:17.085422993 CET | 443 | 49736 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:17.085649014 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:17.085705996 CET | 443 | 49737 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:17.085859060 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:17.085867882 CET | 443 | 49738 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:17.087449074 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:17.087465048 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:17.087476015 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:17.092183113 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:17.092199087 CET | 443 | 49736 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:17.093688011 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:17.093708038 CET | 443 | 49737 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:17.094974995 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:17.094990969 CET | 443 | 49738 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:17.129916906 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:17.129946947 CET | 443 | 49739 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:17.130037069 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:17.131411076 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:17.131422043 CET | 443 | 49739 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:17.145658970 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:17.145739079 CET | 443 | 49740 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:17.146955013 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:17.147113085 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:17.147147894 CET | 443 | 49740 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:17.147351980 CET | 49741 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:17.147373915 CET | 443 | 49741 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:17.147538900 CET | 49741 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:17.148984909 CET | 49741 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:17.149008036 CET | 443 | 49741 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:17.204560041 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:17.208163977 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:17.208477974 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:17.327986956 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:17.561448097 CET | 49742 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 21, 2024 11:03:17.561497927 CET | 443 | 49742 | 34.160.144.191 | 192.168.2.6 |
Nov 21, 2024 11:03:17.561650991 CET | 49742 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 21, 2024 11:03:17.561701059 CET | 49742 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 21, 2024 11:03:17.561708927 CET | 443 | 49742 | 34.160.144.191 | 192.168.2.6 |
Nov 21, 2024 11:03:18.353503942 CET | 443 | 49739 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:18.353946924 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:18.362270117 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:18.362301111 CET | 443 | 49739 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:18.362314939 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:18.362490892 CET | 443 | 49739 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:18.363338947 CET | 49739 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:18.385818005 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:18.407558918 CET | 443 | 49740 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:18.407627106 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:18.408133030 CET | 443 | 49738 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:18.408376932 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:18.410779953 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:18.410800934 CET | 443 | 49740 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:18.411061049 CET | 443 | 49740 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:18.415005922 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:18.415082932 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:18.415144920 CET | 443 | 49740 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:18.415288925 CET | 49740 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:18.416635990 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:18.416645050 CET | 443 | 49738 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:18.416697979 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:18.416898966 CET | 443 | 49738 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:18.417035103 CET | 49738 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:18.426707983 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:18.458270073 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:18.462646961 CET | 443 | 49741 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:18.463196993 CET | 49741 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:18.467688084 CET | 49741 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:18.467716932 CET | 443 | 49741 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:18.467756033 CET | 49741 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:18.467880011 CET | 443 | 49741 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:18.468172073 CET | 49741 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:18.539444923 CET | 443 | 49736 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:18.540126085 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.540478945 CET | 443 | 49736 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:18.541150093 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.545017004 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.545037985 CET | 443 | 49736 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:18.545170069 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.545361042 CET | 443 | 49736 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:18.553602934 CET | 49736 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.570473909 CET | 443 | 49737 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:18.571219921 CET | 443 | 49737 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:18.571373940 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.572433949 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.572444916 CET | 443 | 49737 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:18.577039003 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.577068090 CET | 443 | 49737 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:18.577194929 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.577253103 CET | 443 | 49737 | 142.250.184.238 | 192.168.2.6 |
Nov 21, 2024 11:03:18.578118086 CET | 80 | 49735 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:18.580822945 CET | 49735 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:18.580854893 CET | 49737 | 443 | 192.168.2.6 | 142.250.184.238 |
Nov 21, 2024 11:03:18.775954008 CET | 443 | 49742 | 34.160.144.191 | 192.168.2.6 |
Nov 21, 2024 11:03:18.787353039 CET | 443 | 49742 | 34.160.144.191 | 192.168.2.6 |
Nov 21, 2024 11:03:18.787817001 CET | 49742 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 21, 2024 11:03:18.791004896 CET | 49742 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 21, 2024 11:03:18.791013956 CET | 443 | 49742 | 34.160.144.191 | 192.168.2.6 |
Nov 21, 2024 11:03:18.791421890 CET | 443 | 49742 | 34.160.144.191 | 192.168.2.6 |
Nov 21, 2024 11:03:18.793312073 CET | 49742 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 21, 2024 11:03:18.793426991 CET | 49742 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 21, 2024 11:03:18.793497086 CET | 443 | 49742 | 34.160.144.191 | 192.168.2.6 |
Nov 21, 2024 11:03:18.795954943 CET | 49742 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 21, 2024 11:03:18.795954943 CET | 49742 | 443 | 192.168.2.6 | 34.160.144.191 |
Nov 21, 2024 11:03:19.263633966 CET | 49748 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:19.263674021 CET | 443 | 49748 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:19.264446974 CET | 49748 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:19.265888929 CET | 49748 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:19.265906096 CET | 443 | 49748 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:19.478327036 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:19.478427887 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:19.597876072 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:19.597959042 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:19.598032951 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:19.598086119 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:19.598114014 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:19.598252058 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:19.717639923 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:19.717756033 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:20.462857962 CET | 49753 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:20.462915897 CET | 443 | 49753 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:20.463376999 CET | 49753 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:20.464998960 CET | 49753 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:20.465014935 CET | 443 | 49753 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:20.473623037 CET | 49754 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:20.473654032 CET | 443 | 49754 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:20.473922014 CET | 49754 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:20.475392103 CET | 49754 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:20.475409031 CET | 443 | 49754 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:20.475785017 CET | 49755 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:20.475842953 CET | 443 | 49755 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:20.476058006 CET | 49755 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:20.476224899 CET | 49755 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:20.476238966 CET | 443 | 49755 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:20.496680021 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:20.496727943 CET | 443 | 49756 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:20.496905088 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:20.498363018 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:20.498378992 CET | 443 | 49756 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:20.528879881 CET | 443 | 49748 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:20.533526897 CET | 49748 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:20.537381887 CET | 49748 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:20.537424088 CET | 443 | 49748 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:20.537494898 CET | 49748 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:20.537841082 CET | 443 | 49748 | 34.117.188.166 | 192.168.2.6 |
Nov 21, 2024 11:03:20.540627956 CET | 49748 | 443 | 192.168.2.6 | 34.117.188.166 |
Nov 21, 2024 11:03:20.685151100 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:20.734045029 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:20.775091887 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:20.790923119 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:20.818739891 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:20.910602093 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:21.105190992 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:21.150908947 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:21.687309027 CET | 443 | 49753 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:21.687391996 CET | 49753 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:21.688579082 CET | 443 | 49755 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:21.688858032 CET | 49755 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:21.689266920 CET | 443 | 49754 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:21.689330101 CET | 49754 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:21.712239981 CET | 443 | 49756 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:21.712347031 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:21.733592033 CET | 49755 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:21.733625889 CET | 443 | 49755 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:21.734055042 CET | 443 | 49755 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:21.785470009 CET | 49755 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:21.805216074 CET | 49753 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:21.805249929 CET | 443 | 49753 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:21.805497885 CET | 49753 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:21.805697918 CET | 443 | 49753 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:21.806005955 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:21.806029081 CET | 443 | 49756 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:21.806032896 CET | 49755 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:21.806150913 CET | 49753 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:21.806272984 CET | 443 | 49756 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:21.806293964 CET | 443 | 49755 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:21.806358099 CET | 49755 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:21.806369066 CET | 443 | 49755 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:21.806425095 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:21.806432009 CET | 443 | 49756 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:21.808151960 CET | 49754 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:21.808181047 CET | 443 | 49754 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:21.808231115 CET | 49754 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:21.808346987 CET | 443 | 49754 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:21.808403969 CET | 49754 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:22.015328884 CET | 443 | 49756 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:22.015383959 CET | 49756 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:22.019341946 CET | 443 | 49755 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:22.019426107 CET | 49755 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:23.684149981 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:23.803906918 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:24.018027067 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:24.060945988 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:24.291779995 CET | 49768 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:24.291837931 CET | 443 | 49768 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:24.292819023 CET | 49768 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:24.294311047 CET | 49768 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:24.294327021 CET | 443 | 49768 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:25.608777046 CET | 443 | 49768 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:25.608851910 CET | 49768 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:25.614046097 CET | 49768 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:25.614061117 CET | 443 | 49768 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:25.614145041 CET | 49768 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:25.614212036 CET | 443 | 49768 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:25.614268064 CET | 49768 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.281730890 CET | 49784 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.281774044 CET | 443 | 49784 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:30.282161951 CET | 49785 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.282198906 CET | 443 | 49785 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:30.287383080 CET | 49786 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:30.287415028 CET | 443 | 49786 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:30.287882090 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:30.292767048 CET | 49784 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.292774916 CET | 49785 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.292795897 CET | 49786 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:30.292922974 CET | 49784 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.292939901 CET | 443 | 49784 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:30.293097973 CET | 49785 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.293114901 CET | 443 | 49785 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:30.294563055 CET | 49786 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:30.294584990 CET | 443 | 49786 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:30.407390118 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:30.471613884 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:30.473093033 CET | 49789 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.473145008 CET | 443 | 49789 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:30.474452972 CET | 49789 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.475860119 CET | 49789 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:30.475878954 CET | 443 | 49789 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:30.479356050 CET | 49790 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:30.479372025 CET | 443 | 49790 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:30.481179953 CET | 49790 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:30.482991934 CET | 49790 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:30.483006954 CET | 443 | 49790 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:30.592341900 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:30.601948023 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:30.650449991 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:30.805439949 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:30.866683960 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:31.504761934 CET | 443 | 49786 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:31.505817890 CET | 49786 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:31.511332035 CET | 49786 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:31.511332035 CET | 49786 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:31.511341095 CET | 443 | 49786 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:31.511569023 CET | 443 | 49786 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:31.511646032 CET | 49786 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:31.550256968 CET | 443 | 49784 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.550271034 CET | 443 | 49784 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.551073074 CET | 49784 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.555444002 CET | 443 | 49785 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.555464029 CET | 443 | 49785 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.555849075 CET | 49785 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.688240051 CET | 443 | 49789 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.688339949 CET | 49789 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.787468910 CET | 443 | 49790 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:31.787575006 CET | 49790 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:31.827258110 CET | 49784 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.827286959 CET | 443 | 49784 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.827749968 CET | 443 | 49784 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.829739094 CET | 49785 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.829756021 CET | 443 | 49785 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.830681086 CET | 443 | 49785 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.838287115 CET | 49784 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.838509083 CET | 443 | 49784 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.839031935 CET | 49784 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.839051008 CET | 443 | 49784 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.839131117 CET | 49785 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.839289904 CET | 49790 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:31.839289904 CET | 49790 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:31.839329004 CET | 443 | 49790 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:31.839359045 CET | 49785 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.839603901 CET | 443 | 49790 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:31.839659929 CET | 443 | 49785 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.839708090 CET | 49789 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.839708090 CET | 49789 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.839726925 CET | 443 | 49789 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.839891911 CET | 49785 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:31.840025902 CET | 443 | 49789 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:31.840125084 CET | 49790 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:31.841293097 CET | 49789 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:32.051342010 CET | 443 | 49784 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:32.051472902 CET | 49784 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:32.532304049 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:32.628591061 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:32.629709959 CET | 49796 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:32.629750967 CET | 443 | 49796 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:32.629959106 CET | 49797 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:32.630013943 CET | 443 | 49797 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:32.631500959 CET | 49796 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:32.631603956 CET | 49797 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:32.631654024 CET | 49796 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:32.631666899 CET | 443 | 49796 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:32.631755114 CET | 49797 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:32.631774902 CET | 443 | 49797 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:32.651897907 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:32.748158932 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:32.846936941 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:32.888262987 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:32.961587906 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:33.019800901 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:33.214147091 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:33.333728075 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:33.528429985 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:33.574665070 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:33.894527912 CET | 443 | 49797 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:33.894618034 CET | 49797 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:33.895576000 CET | 443 | 49796 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:33.895654917 CET | 49796 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.047831059 CET | 49797 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.047849894 CET | 443 | 49797 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:34.048192024 CET | 443 | 49797 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:34.052272081 CET | 49796 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.052301884 CET | 443 | 49796 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:34.052762032 CET | 443 | 49796 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:34.055613995 CET | 49797 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.055835009 CET | 443 | 49797 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:34.055924892 CET | 49797 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.055937052 CET | 443 | 49797 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:34.056390047 CET | 49796 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.056474924 CET | 49796 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.056729078 CET | 443 | 49796 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:03:34.057548046 CET | 49796 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.057588100 CET | 49796 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.057804108 CET | 49797 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:03:34.059089899 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:34.178610086 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:34.391825914 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:34.398058891 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:34.446114063 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:34.517702103 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:34.712496996 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:34.762628078 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:42.544574022 CET | 49820 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:42.544641018 CET | 443 | 49820 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:42.544712067 CET | 49820 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:42.546210051 CET | 49820 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:42.546227932 CET | 443 | 49820 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:43.808676004 CET | 443 | 49820 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:43.808768988 CET | 49820 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:43.814071894 CET | 49820 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:43.814091921 CET | 443 | 49820 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:43.814173937 CET | 49820 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:43.814251900 CET | 443 | 49820 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:03:43.815013885 CET | 49820 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:03:43.817053080 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:43.936604977 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:44.150191069 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:44.160708904 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:44.181627989 CET | 49826 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:44.181690931 CET | 443 | 49826 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:44.181849957 CET | 49826 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:44.181994915 CET | 49826 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:44.182038069 CET | 443 | 49826 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:44.195772886 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:44.198913097 CET | 49827 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:44.198935986 CET | 443 | 49827 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:44.201350927 CET | 49827 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:44.202967882 CET | 49827 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:44.202982903 CET | 443 | 49827 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:44.280297995 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:44.404278040 CET | 49828 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:44.404325962 CET | 443 | 49828 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:44.404580116 CET | 49828 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:44.404580116 CET | 49828 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:44.404622078 CET | 443 | 49828 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:44.405436993 CET | 49829 | 443 | 192.168.2.6 | 151.101.65.91 |
Nov 21, 2024 11:03:44.405456066 CET | 443 | 49829 | 151.101.65.91 | 192.168.2.6 |
Nov 21, 2024 11:03:44.405771017 CET | 49829 | 443 | 192.168.2.6 | 151.101.65.91 |
Nov 21, 2024 11:03:44.405900002 CET | 49829 | 443 | 192.168.2.6 | 151.101.65.91 |
Nov 21, 2024 11:03:44.405919075 CET | 443 | 49829 | 151.101.65.91 | 192.168.2.6 |
Nov 21, 2024 11:03:44.427746058 CET | 49830 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 21, 2024 11:03:44.427783966 CET | 443 | 49830 | 35.201.103.21 | 192.168.2.6 |
Nov 21, 2024 11:03:44.428154945 CET | 49830 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 21, 2024 11:03:44.429584026 CET | 49830 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 21, 2024 11:03:44.429610014 CET | 443 | 49830 | 35.201.103.21 | 192.168.2.6 |
Nov 21, 2024 11:03:44.476152897 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:44.527936935 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:45.420228958 CET | 443 | 49827 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:45.420303106 CET | 49827 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:45.425798893 CET | 49827 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:45.425823927 CET | 443 | 49827 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:45.425904036 CET | 49827 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:45.425988913 CET | 443 | 49827 | 35.190.72.216 | 192.168.2.6 |
Nov 21, 2024 11:03:45.426125050 CET | 49827 | 443 | 192.168.2.6 | 35.190.72.216 |
Nov 21, 2024 11:03:45.428658009 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:45.443706989 CET | 443 | 49826 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:45.443788052 CET | 49826 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:45.447173119 CET | 49826 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:45.447187901 CET | 443 | 49826 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:45.447472095 CET | 443 | 49826 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:45.450304985 CET | 49826 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:45.450397968 CET | 49826 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:45.450542927 CET | 443 | 49826 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:45.450648069 CET | 49826 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:45.548198938 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:45.619379044 CET | 443 | 49828 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.619446039 CET | 49828 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.622416019 CET | 49828 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.622427940 CET | 443 | 49828 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.622689962 CET | 443 | 49828 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.624870062 CET | 49828 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.624870062 CET | 49828 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.625082016 CET | 443 | 49828 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.625150919 CET | 49828 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.676311970 CET | 443 | 49829 | 151.101.65.91 | 192.168.2.6 |
Nov 21, 2024 11:03:45.676372051 CET | 49829 | 443 | 192.168.2.6 | 151.101.65.91 |
Nov 21, 2024 11:03:45.679666996 CET | 49829 | 443 | 192.168.2.6 | 151.101.65.91 |
Nov 21, 2024 11:03:45.679672003 CET | 443 | 49829 | 151.101.65.91 | 192.168.2.6 |
Nov 21, 2024 11:03:45.680366039 CET | 443 | 49829 | 151.101.65.91 | 192.168.2.6 |
Nov 21, 2024 11:03:45.681772947 CET | 49829 | 443 | 192.168.2.6 | 151.101.65.91 |
Nov 21, 2024 11:03:45.681886911 CET | 49829 | 443 | 192.168.2.6 | 151.101.65.91 |
Nov 21, 2024 11:03:45.681952000 CET | 443 | 49829 | 151.101.65.91 | 192.168.2.6 |
Nov 21, 2024 11:03:45.688254118 CET | 49829 | 443 | 192.168.2.6 | 151.101.65.91 |
Nov 21, 2024 11:03:45.689745903 CET | 49833 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.689799070 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.691483021 CET | 49834 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.691517115 CET | 443 | 49834 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.692080975 CET | 49833 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.692168951 CET | 49833 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.692168951 CET | 49834 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.692183018 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.692296982 CET | 49834 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.692307949 CET | 443 | 49834 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.693502903 CET | 49835 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.693512917 CET | 443 | 49835 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.694268942 CET | 49835 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.694401979 CET | 49835 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:45.694411993 CET | 443 | 49835 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:45.740559101 CET | 443 | 49830 | 35.201.103.21 | 192.168.2.6 |
Nov 21, 2024 11:03:45.740638018 CET | 49830 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 21, 2024 11:03:45.745623112 CET | 49830 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 21, 2024 11:03:45.745637894 CET | 443 | 49830 | 35.201.103.21 | 192.168.2.6 |
Nov 21, 2024 11:03:45.745740891 CET | 49830 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 21, 2024 11:03:45.745822906 CET | 443 | 49830 | 35.201.103.21 | 192.168.2.6 |
Nov 21, 2024 11:03:45.746098995 CET | 49830 | 443 | 192.168.2.6 | 35.201.103.21 |
Nov 21, 2024 11:03:45.759159088 CET | 49837 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:45.759202003 CET | 443 | 49837 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:45.759327888 CET | 49837 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:45.759407043 CET | 49837 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:45.759416103 CET | 443 | 49837 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:45.761529922 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:45.765314102 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:45.816119909 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:45.886527061 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:46.081357002 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:46.132654905 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:46.911734104 CET | 443 | 49835 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:46.911817074 CET | 49835 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:46.915028095 CET | 49835 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:46.915040016 CET | 443 | 49835 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:46.915385962 CET | 443 | 49835 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:46.918129921 CET | 49835 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:46.918234110 CET | 49835 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:46.918332100 CET | 443 | 49835 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:46.918412924 CET | 49835 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:46.921108961 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:46.997967005 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:46.998044968 CET | 49833 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.000125885 CET | 443 | 49834 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:47.000195980 CET | 49834 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.000770092 CET | 49833 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.000778913 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:47.001008034 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:47.003511906 CET | 49834 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.003537893 CET | 443 | 49834 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:47.003776073 CET | 443 | 49834 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:47.007023096 CET | 49833 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.007119894 CET | 49833 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.007178068 CET | 443 | 49833 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:47.007440090 CET | 49834 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.007524967 CET | 49834 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.007602930 CET | 443 | 49834 | 35.244.181.201 | 192.168.2.6 |
Nov 21, 2024 11:03:47.007668018 CET | 49833 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.007679939 CET | 49834 | 443 | 192.168.2.6 | 35.244.181.201 |
Nov 21, 2024 11:03:47.030689001 CET | 443 | 49837 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:47.030755043 CET | 49837 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:47.033946037 CET | 49837 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:47.033952951 CET | 443 | 49837 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:47.034221888 CET | 443 | 49837 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:47.036377907 CET | 49837 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:47.036458969 CET | 49837 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:47.036513090 CET | 443 | 49837 | 34.149.100.209 | 192.168.2.6 |
Nov 21, 2024 11:03:47.040354013 CET | 49837 | 443 | 192.168.2.6 | 34.149.100.209 |
Nov 21, 2024 11:03:47.040846109 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:47.255635023 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:47.258567095 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:47.305488110 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:47.378071070 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:47.573082924 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:47.621522903 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:55.656687021 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:55.776236057 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:55.989659071 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:55.992723942 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:56.036333084 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:03:56.112365961 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:56.307394981 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:03:56.352919102 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:03.849611044 CET | 49880 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:03.849663019 CET | 443 | 49880 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:03.850202084 CET | 49880 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:03.851617098 CET | 49880 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:03.851639032 CET | 443 | 49880 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:05.114845037 CET | 443 | 49880 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:05.114978075 CET | 49880 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:05.118988037 CET | 49880 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:05.119012117 CET | 443 | 49880 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:05.119121075 CET | 49880 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:05.119259119 CET | 443 | 49880 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:05.119381905 CET | 49880 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:05.122148991 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:05.241770983 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:05.455348969 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:05.458458900 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:05.510672092 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:05.578139067 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:05.772994995 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:05.827219009 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:14.611006021 CET | 49905 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611063004 CET | 443 | 49905 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.611183882 CET | 49906 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611222982 CET | 443 | 49906 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.611290932 CET | 49907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611305952 CET | 443 | 49907 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.611537933 CET | 49909 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611573935 CET | 443 | 49909 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.611603975 CET | 49908 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611628056 CET | 443 | 49908 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.611663103 CET | 49910 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611670017 CET | 443 | 49910 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.611757994 CET | 49905 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611774921 CET | 49909 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611778975 CET | 49906 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611788034 CET | 49907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611960888 CET | 49905 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611963034 CET | 49908 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611963034 CET | 49910 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.611970901 CET | 443 | 49905 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.612092018 CET | 49910 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.612108946 CET | 443 | 49910 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.612165928 CET | 49909 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.612185001 CET | 443 | 49909 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.612251997 CET | 49908 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.612272024 CET | 443 | 49908 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.612289906 CET | 49907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.612298012 CET | 443 | 49907 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:14.612354994 CET | 49906 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:14.612369061 CET | 443 | 49906 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.458947897 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:15.578828096 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:15.775417089 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:15.823656082 CET | 443 | 49909 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.823812962 CET | 49909 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.827065945 CET | 49909 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.827092886 CET | 443 | 49909 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.827337027 CET | 443 | 49909 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.829380035 CET | 49909 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.829502106 CET | 49909 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.829533100 CET | 443 | 49909 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.830049992 CET | 49915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.830110073 CET | 443 | 49915 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.832910061 CET | 49909 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.832953930 CET | 49915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.833122969 CET | 49915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.833158970 CET | 443 | 49915 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.833816051 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:15.870893955 CET | 443 | 49906 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.871020079 CET | 49906 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.874355078 CET | 49906 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.874367952 CET | 443 | 49906 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.874686003 CET | 443 | 49906 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.875694036 CET | 443 | 49908 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.875933886 CET | 49908 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.878664970 CET | 49908 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.878673077 CET | 443 | 49908 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.879012108 CET | 443 | 49910 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.879062891 CET | 443 | 49908 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.879415035 CET | 49910 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.881915092 CET | 49910 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.881920099 CET | 443 | 49910 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.882673979 CET | 443 | 49910 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.883378983 CET | 49906 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.883524895 CET | 49906 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.883552074 CET | 443 | 49906 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.884053946 CET | 49916 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.884085894 CET | 443 | 49916 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.886982918 CET | 49908 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.887118101 CET | 49908 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.887413979 CET | 443 | 49908 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.888818979 CET | 49910 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.888926029 CET | 49910 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.889013052 CET | 443 | 49910 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.889628887 CET | 49906 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.889659882 CET | 49910 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.889676094 CET | 49908 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.889676094 CET | 49910 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.889682055 CET | 49916 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.889792919 CET | 49916 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.889803886 CET | 443 | 49916 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.895786047 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:15.916076899 CET | 443 | 49907 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.916079044 CET | 443 | 49905 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.916225910 CET | 49905 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.916225910 CET | 49907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.919461012 CET | 49905 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.919492960 CET | 443 | 49905 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.919831991 CET | 443 | 49905 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.921957016 CET | 49907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.921969891 CET | 443 | 49907 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.922178984 CET | 443 | 49907 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.925633907 CET | 49905 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.925743103 CET | 49905 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.925896883 CET | 443 | 49905 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.926053047 CET | 49907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.926171064 CET | 49907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.926194906 CET | 443 | 49907 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:15.926279068 CET | 49905 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.926279068 CET | 49907 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:15.953571081 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:16.166733980 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:16.169900894 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:16.207958937 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:16.289444923 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:16.484133005 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:16.530961990 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:17.089243889 CET | 443 | 49915 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:17.089390993 CET | 49915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.092772007 CET | 49915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.092803955 CET | 443 | 49915 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:17.093080997 CET | 443 | 49915 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:17.095561028 CET | 49915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.095701933 CET | 49915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.095745087 CET | 443 | 49915 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:17.095856905 CET | 49915 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.098212957 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:17.196604967 CET | 443 | 49916 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:17.196679115 CET | 49916 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.199384928 CET | 49916 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.199404955 CET | 443 | 49916 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:17.200396061 CET | 443 | 49916 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:17.201766968 CET | 49916 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.201884031 CET | 49916 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.202183008 CET | 443 | 49916 | 34.120.208.123 | 192.168.2.6 |
Nov 21, 2024 11:04:17.202877998 CET | 49916 | 443 | 192.168.2.6 | 34.120.208.123 |
Nov 21, 2024 11:04:17.217976093 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:17.431346893 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:17.434472084 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:17.480552912 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:17.554158926 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:17.749044895 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:17.797013998 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:27.439296961 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:27.559012890 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:27.762386084 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:27.882033110 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:37.567406893 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:37.687180042 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:37.890644073 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:38.010315895 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:45.357656956 CET | 49983 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:45.357696056 CET | 443 | 49983 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:45.358628035 CET | 49983 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:45.360826015 CET | 49983 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:45.360851049 CET | 443 | 49983 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:46.634753942 CET | 443 | 49983 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:46.634975910 CET | 49983 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:46.639890909 CET | 49983 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:46.639904022 CET | 443 | 49983 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:46.640057087 CET | 49983 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:46.640206099 CET | 443 | 49983 | 34.107.243.93 | 192.168.2.6 |
Nov 21, 2024 11:04:46.640880108 CET | 49983 | 443 | 192.168.2.6 | 34.107.243.93 |
Nov 21, 2024 11:04:46.642787933 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:46.762320995 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:46.975492001 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:46.979661942 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:47.016783953 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:47.099478006 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:47.294392109 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:47.348967075 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:56.989860058 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:57.109426022 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:04:57.306303978 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:04:57.426664114 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:05:07.119302988 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:05:07.238943100 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:05:07.435841084 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:05:07.555552959 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:05:17.240719080 CET | 49751 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:05:17.360243082 CET | 80 | 49751 | 34.107.221.82 | 192.168.2.6 |
Nov 21, 2024 11:05:17.557277918 CET | 49750 | 80 | 192.168.2.6 | 34.107.221.82 |
Nov 21, 2024 11:05:17.676945925 CET | 80 | 49750 | 34.107.221.82 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 21, 2024 11:03:16.828794003 CET | 55185 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:16.829063892 CET | 54679 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:16.902657032 CET | 65231 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:16.914005995 CET | 51515 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.056072950 CET | 53 | 55185 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.086546898 CET | 64137 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.086957932 CET | 57995 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.088027954 CET | 59012 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.128518105 CET | 53 | 65231 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.140563965 CET | 53 | 51515 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.313201904 CET | 53 | 64137 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.313236952 CET | 53 | 57995 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.313733101 CET | 53 | 59012 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.317234039 CET | 56892 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.317468882 CET | 62261 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.317775965 CET | 57439 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.334296942 CET | 64974 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.543076038 CET | 53 | 62261 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.543138981 CET | 53 | 56892 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.544051886 CET | 53 | 57439 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.547946930 CET | 55514 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.548160076 CET | 57353 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.548554897 CET | 59149 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.560547113 CET | 53 | 64974 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.774180889 CET | 53 | 55514 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.774970055 CET | 53391 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.775098085 CET | 53 | 59149 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.775363922 CET | 53 | 57353 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:17.775610924 CET | 52979 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:17.776015997 CET | 63163 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:18.000868082 CET | 53 | 53391 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:18.001352072 CET | 53 | 52979 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:18.001915932 CET | 53 | 63163 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:18.002784967 CET | 58416 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:18.234683990 CET | 53 | 58416 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:18.237061024 CET | 65139 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:18.455665112 CET | 54141 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:18.456059933 CET | 60147 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:18.465425968 CET | 53 | 65139 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:18.681746006 CET | 53 | 54141 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:18.682024956 CET | 53 | 60147 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:19.250186920 CET | 52947 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:19.264332056 CET | 52373 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:19.797599077 CET | 55024 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:19.946762085 CET | 53 | 57075 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:20.023545027 CET | 53 | 55024 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:20.024772882 CET | 52443 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:20.235008955 CET | 64391 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:20.250731945 CET | 53 | 52443 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:20.269638062 CET | 51657 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:20.461518049 CET | 53 | 64391 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:20.463347912 CET | 57079 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:20.473824978 CET | 53595 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:20.495842934 CET | 53 | 51657 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:20.689030886 CET | 53 | 57079 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:20.693301916 CET | 50546 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:20.699491024 CET | 53 | 53595 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:20.701812029 CET | 50210 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:20.919625044 CET | 53 | 50546 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:20.927753925 CET | 53 | 50210 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:23.643958092 CET | 63265 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:23.873245001 CET | 53 | 63265 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:24.290599108 CET | 54995 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:24.516345024 CET | 53 | 54995 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:24.519566059 CET | 64201 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:24.745837927 CET | 53 | 64201 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:28.947284937 CET | 56788 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:29.020423889 CET | 60275 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:29.023570061 CET | 56682 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:29.173481941 CET | 53 | 56788 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:29.249052048 CET | 53 | 60275 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:29.251816988 CET | 53 | 56682 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.282465935 CET | 57366 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.284545898 CET | 59863 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.284990072 CET | 50232 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.510483980 CET | 53 | 57366 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.511472940 CET | 52452 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.512491941 CET | 53 | 59863 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.512538910 CET | 53 | 50232 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.513046980 CET | 65529 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.513302088 CET | 54785 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.739588976 CET | 53 | 52452 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.740329981 CET | 61342 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.740348101 CET | 53 | 65529 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.740386009 CET | 53 | 54785 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.740921974 CET | 51508 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.741117954 CET | 60426 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.966006994 CET | 53 | 61342 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.966728926 CET | 53 | 60426 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.967093945 CET | 53 | 51508 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:30.968614101 CET | 49573 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.968844891 CET | 58993 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:30.969173908 CET | 64702 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:31.196064949 CET | 53 | 58993 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:31.196089983 CET | 53 | 64702 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:31.196101904 CET | 53 | 49573 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:31.196867943 CET | 56228 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:31.197505951 CET | 51645 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:31.423528910 CET | 53 | 56228 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:31.424087048 CET | 53 | 51645 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:42.543513060 CET | 55749 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:42.769459963 CET | 53 | 55749 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:42.771302938 CET | 61298 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:42.999119043 CET | 53 | 61298 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:44.177539110 CET | 62342 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:44.200911045 CET | 61638 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:44.403493881 CET | 53 | 62342 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:44.404449940 CET | 57740 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:44.405704975 CET | 64884 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:44.426842928 CET | 53 | 61638 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:44.428116083 CET | 65142 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:44.630263090 CET | 53 | 57740 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:44.631412983 CET | 53 | 64884 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:44.632093906 CET | 52587 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:44.654014111 CET | 53 | 65142 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:44.655184031 CET | 51610 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:03:44.858540058 CET | 53 | 52587 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:03:44.882342100 CET | 53 | 51610 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:04:03.849737883 CET | 64447 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:04:04.076909065 CET | 53 | 64447 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:04:05.122468948 CET | 55212 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:04:14.615102053 CET | 54918 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:04:14.840802908 CET | 53 | 54918 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:04:15.834309101 CET | 59270 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:04:45.129885912 CET | 62472 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:04:45.356081009 CET | 53 | 62472 | 1.1.1.1 | 192.168.2.6 |
Nov 21, 2024 11:04:45.358546019 CET | 64630 | 53 | 192.168.2.6 | 1.1.1.1 |
Nov 21, 2024 11:04:45.584561110 CET | 53 | 64630 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 21, 2024 11:03:16.828794003 CET | 192.168.2.6 | 1.1.1.1 | 0xc87b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:16.829063892 CET | 192.168.2.6 | 1.1.1.1 | 0xc763 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:16.902657032 CET | 192.168.2.6 | 1.1.1.1 | 0x3606 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:16.914005995 CET | 192.168.2.6 | 1.1.1.1 | 0xc084 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.086546898 CET | 192.168.2.6 | 1.1.1.1 | 0xaa20 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.086957932 CET | 192.168.2.6 | 1.1.1.1 | 0xb42 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.088027954 CET | 192.168.2.6 | 1.1.1.1 | 0x1586 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.317234039 CET | 192.168.2.6 | 1.1.1.1 | 0xcded | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.317468882 CET | 192.168.2.6 | 1.1.1.1 | 0x87f7 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.317775965 CET | 192.168.2.6 | 1.1.1.1 | 0x5be6 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.334296942 CET | 192.168.2.6 | 1.1.1.1 | 0x438a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.547946930 CET | 192.168.2.6 | 1.1.1.1 | 0x726a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.548160076 CET | 192.168.2.6 | 1.1.1.1 | 0x53c1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.548554897 CET | 192.168.2.6 | 1.1.1.1 | 0xc7f5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.774970055 CET | 192.168.2.6 | 1.1.1.1 | 0x33d0 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.775610924 CET | 192.168.2.6 | 1.1.1.1 | 0xe0a0 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:17.776015997 CET | 192.168.2.6 | 1.1.1.1 | 0x1bc1 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:18.002784967 CET | 192.168.2.6 | 1.1.1.1 | 0x302b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:18.237061024 CET | 192.168.2.6 | 1.1.1.1 | 0x2d59 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:18.455665112 CET | 192.168.2.6 | 1.1.1.1 | 0x5d93 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:18.456059933 CET | 192.168.2.6 | 1.1.1.1 | 0x20c1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:19.250186920 CET | 192.168.2.6 | 1.1.1.1 | 0xc4e7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:19.264332056 CET | 192.168.2.6 | 1.1.1.1 | 0x631e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:19.797599077 CET | 192.168.2.6 | 1.1.1.1 | 0xb0f0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:20.024772882 CET | 192.168.2.6 | 1.1.1.1 | 0x3f87 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:20.235008955 CET | 192.168.2.6 | 1.1.1.1 | 0x8718 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:20.269638062 CET | 192.168.2.6 | 1.1.1.1 | 0x8c60 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:20.463347912 CET | 192.168.2.6 | 1.1.1.1 | 0xfd57 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:20.473824978 CET | 192.168.2.6 | 1.1.1.1 | 0x9d04 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:20.693301916 CET | 192.168.2.6 | 1.1.1.1 | 0xacb | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:20.701812029 CET | 192.168.2.6 | 1.1.1.1 | 0x1e64 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:23.643958092 CET | 192.168.2.6 | 1.1.1.1 | 0x218b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:24.290599108 CET | 192.168.2.6 | 1.1.1.1 | 0x83b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:24.519566059 CET | 192.168.2.6 | 1.1.1.1 | 0x4970 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:28.947284937 CET | 192.168.2.6 | 1.1.1.1 | 0x64ff | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:29.020423889 CET | 192.168.2.6 | 1.1.1.1 | 0x9ade | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:29.023570061 CET | 192.168.2.6 | 1.1.1.1 | 0x528 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.282465935 CET | 192.168.2.6 | 1.1.1.1 | 0x3af9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.284545898 CET | 192.168.2.6 | 1.1.1.1 | 0x84 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.284990072 CET | 192.168.2.6 | 1.1.1.1 | 0x932e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.511472940 CET | 192.168.2.6 | 1.1.1.1 | 0x76a9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.513046980 CET | 192.168.2.6 | 1.1.1.1 | 0x3112 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.513302088 CET | 192.168.2.6 | 1.1.1.1 | 0x1645 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.740329981 CET | 192.168.2.6 | 1.1.1.1 | 0xc9be | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.740921974 CET | 192.168.2.6 | 1.1.1.1 | 0x78d8 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.741117954 CET | 192.168.2.6 | 1.1.1.1 | 0x50d9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.968614101 CET | 192.168.2.6 | 1.1.1.1 | 0x2065 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.968844891 CET | 192.168.2.6 | 1.1.1.1 | 0x9896 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:30.969173908 CET | 192.168.2.6 | 1.1.1.1 | 0x83ab | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:31.196867943 CET | 192.168.2.6 | 1.1.1.1 | 0x3065 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:31.197505951 CET | 192.168.2.6 | 1.1.1.1 | 0x9c3b | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:42.543513060 CET | 192.168.2.6 | 1.1.1.1 | 0x6512 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:42.771302938 CET | 192.168.2.6 | 1.1.1.1 | 0x2f5 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:44.177539110 CET | 192.168.2.6 | 1.1.1.1 | 0x2145 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:44.200911045 CET | 192.168.2.6 | 1.1.1.1 | 0x234f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:44.404449940 CET | 192.168.2.6 | 1.1.1.1 | 0xd45f | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:44.405704975 CET | 192.168.2.6 | 1.1.1.1 | 0x48b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:44.428116083 CET | 192.168.2.6 | 1.1.1.1 | 0xe59 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:03:44.632093906 CET | 192.168.2.6 | 1.1.1.1 | 0x42f9 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:03:44.655184031 CET | 192.168.2.6 | 1.1.1.1 | 0x6272 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:04:03.849737883 CET | 192.168.2.6 | 1.1.1.1 | 0x888 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:04:05.122468948 CET | 192.168.2.6 | 1.1.1.1 | 0xf02b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:04:14.615102053 CET | 192.168.2.6 | 1.1.1.1 | 0x8b14 | Standard query (0) | 28 | IN (0x0001) | false | |
Nov 21, 2024 11:04:15.834309101 CET | 192.168.2.6 | 1.1.1.1 | 0xf04c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:04:45.129885912 CET | 192.168.2.6 | 1.1.1.1 | 0x9b8c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Nov 21, 2024 11:04:45.358546019 CET | 192.168.2.6 | 1.1.1.1 | 0xdae8 | Standard query (0) | 28 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 21, 2024 11:03:17.055991888 CET | 1.1.1.1 | 192.168.2.6 | 0x7aa4 | No error (0) | 35.190.72.216 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.056035995 CET | 1.1.1.1 | 192.168.2.6 | 0xc763 | No error (0) | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.056035995 CET | 1.1.1.1 | 192.168.2.6 | 0xc763 | No error (0) | 34.107.221.82 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.056072950 CET | 1.1.1.1 | 192.168.2.6 | 0xc87b | No error (0) | 142.250.184.238 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.128518105 CET | 1.1.1.1 | 192.168.2.6 | 0x3606 | No error (0) | 34.117.188.166 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.130069971 CET | 1.1.1.1 | 192.168.2.6 | 0xa0a6 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.130069971 CET | 1.1.1.1 | 192.168.2.6 | 0xa0a6 | No error (0) | 35.244.181.201 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.140563965 CET | 1.1.1.1 | 192.168.2.6 | 0xc084 | No error (0) | prod.ads.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.140563965 CET | 1.1.1.1 | 192.168.2.6 | 0xc084 | No error (0) | 34.117.188.166 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.313201904 CET | 1.1.1.1 | 192.168.2.6 | 0xaa20 | No error (0) | 34.107.221.82 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.313236952 CET | 1.1.1.1 | 192.168.2.6 | 0xb42 | No error (0) | 216.58.206.78 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.313733101 CET | 1.1.1.1 | 192.168.2.6 | 0x1586 | No error (0) | 35.190.72.216 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.543076038 CET | 1.1.1.1 | 192.168.2.6 | 0x87f7 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:17.543138981 CET | 1.1.1.1 | 192.168.2.6 | 0xcded | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:17.560547113 CET | 1.1.1.1 | 192.168.2.6 | 0x438a | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.560547113 CET | 1.1.1.1 | 192.168.2.6 | 0x438a | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.560547113 CET | 1.1.1.1 | 192.168.2.6 | 0x438a | No error (0) | 34.160.144.191 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.774180889 CET | 1.1.1.1 | 192.168.2.6 | 0x726a | No error (0) | 34.117.188.166 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.775098085 CET | 1.1.1.1 | 192.168.2.6 | 0xc7f5 | No error (0) | 34.117.188.166 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:17.775363922 CET | 1.1.1.1 | 192.168.2.6 | 0x53c1 | No error (0) | 35.244.181.201 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:18.234683990 CET | 1.1.1.1 | 192.168.2.6 | 0x302b | No error (0) | 34.160.144.191 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:18.465425968 CET | 1.1.1.1 | 192.168.2.6 | 0x2d59 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:18.681746006 CET | 1.1.1.1 | 192.168.2.6 | 0x5d93 | No error (0) | 93.184.215.14 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:18.682024956 CET | 1.1.1.1 | 192.168.2.6 | 0x20c1 | No error (0) | 192.0.0.171 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:18.682024956 CET | 1.1.1.1 | 192.168.2.6 | 0x20c1 | No error (0) | 192.0.0.170 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:19.476650000 CET | 1.1.1.1 | 192.168.2.6 | 0xc4e7 | No error (0) | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:19.476650000 CET | 1.1.1.1 | 192.168.2.6 | 0xc4e7 | No error (0) | 34.107.221.82 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:19.491458893 CET | 1.1.1.1 | 192.168.2.6 | 0x631e | No error (0) | shavar.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:20.023545027 CET | 1.1.1.1 | 192.168.2.6 | 0xb0f0 | No error (0) | 34.107.243.93 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:20.250731945 CET | 1.1.1.1 | 192.168.2.6 | 0x3f87 | No error (0) | 34.107.243.93 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:20.461518049 CET | 1.1.1.1 | 192.168.2.6 | 0x8718 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:20.461518049 CET | 1.1.1.1 | 192.168.2.6 | 0x8718 | No error (0) | 34.149.100.209 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:20.472697973 CET | 1.1.1.1 | 192.168.2.6 | 0x2273 | No error (0) | 34.120.208.123 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:20.473396063 CET | 1.1.1.1 | 192.168.2.6 | 0x4dbf | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:20.473396063 CET | 1.1.1.1 | 192.168.2.6 | 0x4dbf | No error (0) | 35.244.181.201 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:20.689030886 CET | 1.1.1.1 | 192.168.2.6 | 0xfd57 | No error (0) | 34.149.100.209 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:20.699491024 CET | 1.1.1.1 | 192.168.2.6 | 0x9d04 | No error (0) | 34.120.208.123 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:23.873245001 CET | 1.1.1.1 | 192.168.2.6 | 0x218b | No error (0) | prod.sumo.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:23.873245001 CET | 1.1.1.1 | 192.168.2.6 | 0x218b | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:23.873245001 CET | 1.1.1.1 | 192.168.2.6 | 0x218b | No error (0) | 34.149.128.2 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:24.029614925 CET | 1.1.1.1 | 192.168.2.6 | 0x1ad2 | No error (0) | 34.120.208.123 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:24.516345024 CET | 1.1.1.1 | 192.168.2.6 | 0x83b | No error (0) | 34.149.128.2 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.249052048 CET | 1.1.1.1 | 192.168.2.6 | 0x9ade | No error (0) | star-mini.c10r.facebook.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.249052048 CET | 1.1.1.1 | 192.168.2.6 | 0x9ade | No error (0) | 157.240.251.35 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | youtube-ui.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.184.238 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.186.110 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.185.174 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.185.142 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 172.217.18.14 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.185.206 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.186.174 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.186.142 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.185.238 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 172.217.16.206 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 216.58.206.78 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.186.46 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.185.78 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 216.58.212.142 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.74.206 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:29.251816988 CET | 1.1.1.1 | 192.168.2.6 | 0x528 | No error (0) | 142.250.186.78 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.510483980 CET | 1.1.1.1 | 192.168.2.6 | 0x3af9 | No error (0) | dyna.wikimedia.org | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.510483980 CET | 1.1.1.1 | 192.168.2.6 | 0x3af9 | No error (0) | 185.15.59.224 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512491941 CET | 1.1.1.1 | 192.168.2.6 | 0x84 | No error (0) | 157.240.253.35 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 172.217.18.110 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.185.174 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.184.238 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.186.110 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 216.58.206.46 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.185.110 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.185.206 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.185.238 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 172.217.18.14 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 172.217.16.206 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.181.238 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.74.206 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.186.46 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.185.142 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.184.206 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.512538910 CET | 1.1.1.1 | 192.168.2.6 | 0x932e | No error (0) | 142.250.186.174 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.739588976 CET | 1.1.1.1 | 192.168.2.6 | 0x76a9 | No error (0) | 185.15.59.224 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.740348101 CET | 1.1.1.1 | 192.168.2.6 | 0x3112 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:30.740386009 CET | 1.1.1.1 | 192.168.2.6 | 0x1645 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:30.740386009 CET | 1.1.1.1 | 192.168.2.6 | 0x1645 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:30.740386009 CET | 1.1.1.1 | 192.168.2.6 | 0x1645 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:30.740386009 CET | 1.1.1.1 | 192.168.2.6 | 0x1645 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:30.966006994 CET | 1.1.1.1 | 192.168.2.6 | 0xc9be | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:30.966728926 CET | 1.1.1.1 | 192.168.2.6 | 0x50d9 | No error (0) | 104.244.42.129 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | reddit.map.fastly.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | 151.101.193.140 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | 151.101.129.140 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | 151.101.1.140 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:30.967093945 CET | 1.1.1.1 | 192.168.2.6 | 0x78d8 | No error (0) | 151.101.65.140 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:31.196064949 CET | 1.1.1.1 | 192.168.2.6 | 0x9896 | No error (0) | 104.244.42.193 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:31.196101904 CET | 1.1.1.1 | 192.168.2.6 | 0x2065 | No error (0) | 151.101.129.140 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:31.196101904 CET | 1.1.1.1 | 192.168.2.6 | 0x2065 | No error (0) | 151.101.65.140 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:31.196101904 CET | 1.1.1.1 | 192.168.2.6 | 0x2065 | No error (0) | 151.101.1.140 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:31.196101904 CET | 1.1.1.1 | 192.168.2.6 | 0x2065 | No error (0) | 151.101.193.140 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:42.769459963 CET | 1.1.1.1 | 192.168.2.6 | 0x6512 | No error (0) | 34.107.243.93 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.402858019 CET | 1.1.1.1 | 192.168.2.6 | 0x8817 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.402858019 CET | 1.1.1.1 | 192.168.2.6 | 0x8817 | No error (0) | 35.244.181.201 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.403493881 CET | 1.1.1.1 | 192.168.2.6 | 0x2145 | No error (0) | 151.101.65.91 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.403493881 CET | 1.1.1.1 | 192.168.2.6 | 0x2145 | No error (0) | 151.101.129.91 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.403493881 CET | 1.1.1.1 | 192.168.2.6 | 0x2145 | No error (0) | 151.101.1.91 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.403493881 CET | 1.1.1.1 | 192.168.2.6 | 0x2145 | No error (0) | 151.101.193.91 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.426842928 CET | 1.1.1.1 | 192.168.2.6 | 0x234f | No error (0) | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.426842928 CET | 1.1.1.1 | 192.168.2.6 | 0x234f | No error (0) | 35.201.103.21 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.631412983 CET | 1.1.1.1 | 192.168.2.6 | 0x48b | No error (0) | 151.101.129.91 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.631412983 CET | 1.1.1.1 | 192.168.2.6 | 0x48b | No error (0) | 151.101.193.91 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.631412983 CET | 1.1.1.1 | 192.168.2.6 | 0x48b | No error (0) | 151.101.1.91 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.631412983 CET | 1.1.1.1 | 192.168.2.6 | 0x48b | No error (0) | 151.101.65.91 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.654014111 CET | 1.1.1.1 | 192.168.2.6 | 0xe59 | No error (0) | 35.201.103.21 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:44.858540058 CET | 1.1.1.1 | 192.168.2.6 | 0x42f9 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:44.858540058 CET | 1.1.1.1 | 192.168.2.6 | 0x42f9 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:44.858540058 CET | 1.1.1.1 | 192.168.2.6 | 0x42f9 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:44.858540058 CET | 1.1.1.1 | 192.168.2.6 | 0x42f9 | No error (0) | 28 | IN (0x0001) | false | |||
Nov 21, 2024 11:03:47.243645906 CET | 1.1.1.1 | 192.168.2.6 | 0x7867 | No error (0) | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:03:47.243645906 CET | 1.1.1.1 | 192.168.2.6 | 0x7867 | No error (0) | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:04:05.348674059 CET | 1.1.1.1 | 192.168.2.6 | 0xf02b | No error (0) | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:04:05.348674059 CET | 1.1.1.1 | 192.168.2.6 | 0xf02b | No error (0) | 34.107.221.82 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:04:14.607718945 CET | 1.1.1.1 | 192.168.2.6 | 0xe8e0 | No error (0) | 34.120.208.123 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:04:16.060107946 CET | 1.1.1.1 | 192.168.2.6 | 0xf04c | No error (0) | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Nov 21, 2024 11:04:16.060107946 CET | 1.1.1.1 | 192.168.2.6 | 0xf04c | No error (0) | 34.107.221.82 | A (IP address) | IN (0x0001) | false | ||
Nov 21, 2024 11:04:45.356081009 CET | 1.1.1.1 | 192.168.2.6 | 0x9b8c | No error (0) | 34.107.243.93 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49735 | 34.107.221.82 | 80 | 4540 | C:\Program Files\Mozilla Firefox\firefox.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 21, 2024 11:03:17.208477974 CET | 303 | OUT | |
Nov 21, 2024 11:03:18.385818005 CET | 298 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49750 | 34.107.221.82 | 80 | 4540 | C:\Program Files\Mozilla Firefox\firefox.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 21, 2024 11:03:19.598114014 CET | 305 | OUT | |
Nov 21, 2024 11:03:20.685151100 CET | 216 | IN | |
Nov 21, 2024 11:03:20.790923119 CET | 305 | OUT | |
Nov 21, 2024 11:03:21.105190992 CET | 216 | IN | |
Nov 21, 2024 11:03:30.287882090 CET | 305 | OUT | |
Nov 21, 2024 11:03:30.601948023 CET | 216 | IN | |
Nov 21, 2024 11:03:32.532304049 CET | 305 | OUT | |
Nov 21, 2024 11:03:32.846936941 CET | 216 | IN | |
Nov 21, 2024 11:03:33.214147091 CET | 305 | OUT | |
Nov 21, 2024 11:03:33.528429985 CET | 216 | IN | |
Nov 21, 2024 11:03:34.398058891 CET | 305 | OUT | |
Nov 21, 2024 11:03:34.712496996 CET | 216 | IN | |
Nov 21, 2024 11:03:44.160708904 CET | 305 | OUT | |
Nov 21, 2024 11:03:44.476152897 CET | 216 | IN | |
Nov 21, 2024 11:03:45.765314102 CET | 305 | OUT | |
Nov 21, 2024 11:03:46.081357002 CET | 216 | IN | |
Nov 21, 2024 11:03:47.258567095 CET | 305 | OUT | |
Nov 21, 2024 11:03:47.573082924 CET | 216 | IN | |
Nov 21, 2024 11:03:55.992723942 CET | 305 | OUT | |
Nov 21, 2024 11:03:56.307394981 CET | 216 | IN | |
Nov 21, 2024 11:04:05.458458900 CET | 305 | OUT | |
Nov 21, 2024 11:04:05.772994995 CET | 216 | IN | |
Nov 21, 2024 11:04:15.775417089 CET | 6 | OUT | |
Nov 21, 2024 11:04:16.169900894 CET | 305 | OUT | |
Nov 21, 2024 11:04:16.484133005 CET | 216 | IN | |
Nov 21, 2024 11:04:17.434472084 CET | 305 | OUT | |
Nov 21, 2024 11:04:17.749044895 CET | 216 | IN | |
Nov 21, 2024 11:04:27.762386084 CET | 6 | OUT | |
Nov 21, 2024 11:04:37.890644073 CET | 6 | OUT | |
Nov 21, 2024 11:04:46.979661942 CET | 305 | OUT | |
Nov 21, 2024 11:04:47.294392109 CET | 216 | IN | |
Nov 21, 2024 11:04:57.306303978 CET | 6 | OUT | |
Nov 21, 2024 11:05:07.435841084 CET | 6 | OUT | |
Nov 21, 2024 11:05:17.557277918 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49751 | 34.107.221.82 | 80 | 4540 | C:\Program Files\Mozilla Firefox\firefox.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Nov 21, 2024 11:03:19.598252058 CET | 303 | OUT | |
Nov 21, 2024 11:03:20.775091887 CET | 298 | IN | |
Nov 21, 2024 11:03:23.684149981 CET | 303 | OUT | |
Nov 21, 2024 11:03:24.018027067 CET | 298 | IN | |
Nov 21, 2024 11:03:30.471613884 CET | 303 | OUT | |
Nov 21, 2024 11:03:30.805439949 CET | 298 | IN | |
Nov 21, 2024 11:03:32.628591061 CET | 303 | OUT | |
Nov 21, 2024 11:03:32.961587906 CET | 298 | IN | |
Nov 21, 2024 11:03:34.059089899 CET | 303 | OUT | |
Nov 21, 2024 11:03:34.391825914 CET | 298 | IN | |
Nov 21, 2024 11:03:43.817053080 CET | 303 | OUT | |
Nov 21, 2024 11:03:44.150191069 CET | 298 | IN | |
Nov 21, 2024 11:03:45.428658009 CET | 303 | OUT | |
Nov 21, 2024 11:03:45.761529922 CET | 298 | IN | |
Nov 21, 2024 11:03:46.921108961 CET | 303 | OUT | |
Nov 21, 2024 11:03:47.255635023 CET | 298 | IN | |
Nov 21, 2024 11:03:55.656687021 CET | 303 | OUT | |
Nov 21, 2024 11:03:55.989659071 CET | 298 | IN | |
Nov 21, 2024 11:04:05.122148991 CET | 303 | OUT | |
Nov 21, 2024 11:04:05.455348969 CET | 298 | IN | |
Nov 21, 2024 11:04:15.458947897 CET | 6 | OUT | |
Nov 21, 2024 11:04:15.833816051 CET | 303 | OUT | |
Nov 21, 2024 11:04:16.166733980 CET | 298 | IN | |
Nov 21, 2024 11:04:17.098212957 CET | 303 | OUT | |
Nov 21, 2024 11:04:17.431346893 CET | 298 | IN | |
Nov 21, 2024 11:04:27.439296961 CET | 6 | OUT | |
Nov 21, 2024 11:04:37.567406893 CET | 6 | OUT | |
Nov 21, 2024 11:04:46.642787933 CET | 303 | OUT | |
Nov 21, 2024 11:04:46.975492001 CET | 298 | IN | |
Nov 21, 2024 11:04:56.989860058 CET | 6 | OUT | |
Nov 21, 2024 11:05:07.119302988 CET | 6 | OUT | |
Nov 21, 2024 11:05:17.240719080 CET | 6 | OUT |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
Target ID: | 0 |
Start time: | 05:03:07 |
Start date: | 21/11/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x680000 |
File size: | 922'624 bytes |
MD5 hash: | A946E9443C4FBB7CBFBCA8667C099696 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 05:03:08 |
Start date: | 21/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 05:03:08 |
Start date: | 21/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 05:03:10 |
Start date: | 21/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 05:03:10 |
Start date: | 21/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 05:03:10 |
Start date: | 21/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 05:03:10 |
Start date: | 21/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 05:03:10 |
Start date: | 21/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 05:03:10 |
Start date: | 21/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 05:03:11 |
Start date: | 21/11/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf70000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 05:03:11 |
Start date: | 21/11/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 12 |
Start time: | 05:03:11 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 13 |
Start time: | 05:03:11 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | true |
Target ID: | 14 |
Start time: | 05:03:11 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 16 |
Start time: | 05:03:12 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 18 |
Start time: | 05:03:14 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Target ID: | 19 |
Start time: | 05:03:19 |
Start date: | 21/11/2024 |
Path: | C:\Program Files\Mozilla Firefox\firefox.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff728280000 |
File size: | 676'768 bytes |
MD5 hash: | C86B1BE9ED6496FE0E0CBE73F81D8045 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Has exited: | false |
Execution Graph
Execution Coverage: | 2.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 6.7% |
Total number of Nodes: | 1580 |
Total number of Limit Nodes: | 54 |
Graph
Function 006842DE Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 235libraryloaderCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006ED4DC Relevance: 6.1, APIs: 4, Instructions: 86processCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068BF40 Relevance: 2.4, Strings: 1, Instructions: 1178COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068D730 Relevance: 21.6, APIs: 14, Instructions: 623windowsleeptimeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00682CD4 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 53windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C065B Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068344D Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00682B83 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 63windowregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00683170 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 145windowtimeregistryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00683B1C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58registryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00683923 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006810F3 Relevance: 4.7, APIs: 3, Instructions: 153comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00683837 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068ACEB Relevance: 1.6, APIs: 1, Instructions: 114COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00684ECB Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B8402 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006AE602 Relevance: 1.5, APIs: 1, Instructions: 46COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B4C7D Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B3820 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00684F39 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00712A55 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006830F2 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00682DA5 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00682B3D Relevance: 1.5, APIs: 1, Instructions: 22COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00681CAD Relevance: 1.5, APIs: 1, Instructions: 8COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00719576 Relevance: 74.1, APIs: 39, Strings: 3, Instructions: 625windowkeyboardCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00714873 Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 566windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0069F98E Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 130keyboardthreadwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F698F Relevance: 21.4, APIs: 7, Strings: 5, Instructions: 363timefileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F9642 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 118fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F979D Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 111fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F8195 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 186timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006ED076 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006FED6A Relevance: 13.6, APIs: 9, Instructions: 102clipboardmemoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EE8F6 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 57shutdownCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BB952 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006ED3A9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007022DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F9B2B Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119filesleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0069997D Relevance: 7.9, APIs: 5, Instructions: 375COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00711C41 Relevance: 7.6, APIs: 5, Instructions: 83windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00688060 Relevance: 7.4, Strings: 5, Instructions: 1151COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E8298 Relevance: 6.6, APIs: 1, Strings: 3, Instructions: 568stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F5C97 Relevance: 4.6, APIs: 3, Instructions: 138fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F51CD Relevance: 4.6, APIs: 3, Instructions: 76COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E16C3 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006ED5EB Relevance: 4.6, APIs: 3, Instructions: 58fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1663 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006ACAA0 Relevance: 3.5, APIs: 2, Instructions: 464COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068CAF0 Relevance: 3.2, Strings: 2, Instructions: 659COMMON
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F68EE Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F37B5 Relevance: 3.0, APIs: 2, Instructions: 33windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E10BF Relevance: 3.0, APIs: 2, Instructions: 24COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0069B119 Relevance: 1.8, Strings: 1, Instructions: 511COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006A09D5 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006A781B Relevance: 1.5, Strings: 1, Instructions: 214COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F2046 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B6DD9 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0069CC39 Relevance: .6, Instructions: 635COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00687920 Relevance: .6, Instructions: 563COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006891C0 Relevance: .5, Instructions: 475COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B9EEE Relevance: .3, Instructions: 294COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006A7A4A Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006A7CA7 Relevance: .2, Instructions: 237COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0069D07D Relevance: .2, Instructions: 167COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00702ADE Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 486filecommemoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007170D5 Relevance: 49.8, APIs: 33, Instructions: 273COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00702711 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 330windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00710FF3 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 284windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00710241 Relevance: 35.4, APIs: 7, Strings: 13, Instructions: 391windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00698891 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 282windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070C3B7 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 495registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0071091E Relevance: 30.1, APIs: 6, Strings: 11, Instructions: 372windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0071833C Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 196windowlibraryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006FFE0E Relevance: 27.1, APIs: 18, Instructions: 128COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0071911E Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 181windowfileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00703FE9 Relevance: 23.2, APIs: 11, Strings: 2, Instructions: 478libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068326F Relevance: 23.0, APIs: 12, Strings: 1, Instructions: 214windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00716CD9 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 194windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006FC476 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 143networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F14BD Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 360timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070B60E Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 285registrylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070255C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 169windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E365B Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 267windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00718D0E Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 221windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EBF30 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 190windowsleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070CC34 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 104registryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F3D1E Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 101fileCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EE6B0 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E5CC6 Relevance: 18.2, APIs: 12, Instructions: 173COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00698BCD Relevance: 18.2, APIs: 12, Instructions: 168timeCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00699838 Relevance: 18.1, APIs: 12, Instructions: 137COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B8D45 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 300COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E96E2 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 137windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E06DE Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 127registryshareCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00703C30 Relevance: 16.8, APIs: 11, Instructions: 344fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F7A96 Relevance: 16.8, APIs: 11, Instructions: 298comCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070055B Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 207networkfileCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070372C Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 187comCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00718B02 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 149windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00713C46 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 101windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1EDF Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 78windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B2C80 Relevance: 15.1, APIs: 10, Instructions: 54COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00685BEA Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 184windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006FC253 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E989B Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 74windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E209F Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 71windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BCE90 Relevance: 13.7, APIs: 9, Instructions: 209COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E25A2 Relevance: 13.6, APIs: 9, Instructions: 60sleepkeyboardwindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00713886 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 141windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EBC5E Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 137windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EC874 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 81windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EDE27 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 70networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EED19 Relevance: 12.1, APIs: 8, Instructions: 137timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0069F8D8 Relevance: 12.1, APIs: 8, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00712D03 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E5622 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006C1522 Relevance: 10.8, APIs: 7, Instructions: 268COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F1187 Relevance: 10.8, APIs: 7, Instructions: 254COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0069948A Relevance: 10.8, APIs: 7, Instructions: 254COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B542E Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006ECF00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 108filestringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00712DFD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E7726 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E77FD Relevance: 10.6, APIs: 7, Instructions: 89memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F04D2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F05A7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80pipeCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007140AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EDA5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F096B Relevance: 10.5, APIs: 7, Instructions: 35synchronizationthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00685D0A Relevance: 9.3, APIs: 6, Instructions: 276COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B01B7 Relevance: 9.3, APIs: 6, Instructions: 269COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B61FE Relevance: 9.2, APIs: 6, Instructions: 216COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006DF7AD Relevance: 9.2, APIs: 6, Instructions: 183memoryCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0069920C Relevance: 9.1, APIs: 6, Instructions: 113COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F07EF Relevance: 9.1, APIs: 6, Instructions: 107fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007181DB Relevance: 9.1, APIs: 6, Instructions: 104windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E4C7D Relevance: 9.1, APIs: 6, Instructions: 87windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E175D Relevance: 9.1, APIs: 6, Instructions: 68memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E14CE Relevance: 9.1, APIs: 6, Instructions: 64processCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00718A24 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E51FD Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006D7439 Relevance: 9.0, APIs: 6, Instructions: 37windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1874 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EC5D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 191windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E719E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120comlibraryloaderCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00713D7C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 101windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1DE2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 93windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00712F17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78windowlibraryCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006A4D6D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006DD3A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00684E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00684E59 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F2947 Relevance: 7.8, APIs: 5, Instructions: 313fileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070A387 Relevance: 7.8, APIs: 5, Instructions: 256COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E8BB0 Relevance: 7.7, APIs: 5, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F8AFB Relevance: 7.6, APIs: 5, Instructions: 143COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00716B76 Relevance: 7.6, APIs: 5, Instructions: 131windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F3874 Relevance: 7.6, APIs: 5, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00715706 Relevance: 7.6, APIs: 5, Instructions: 82windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00700930 Relevance: 7.6, APIs: 5, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BCDBD Relevance: 7.6, APIs: 5, Instructions: 68COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00699639 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E5711 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E000E Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EE97B Relevance: 7.5, APIs: 5, Instructions: 47sleepCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E10F9 Relevance: 7.5, APIs: 5, Instructions: 46memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E0FB4 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1014 Relevance: 7.5, APIs: 5, Instructions: 43memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F030F Relevance: 7.5, APIs: 6, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B22A0 Relevance: 7.5, APIs: 5, Instructions: 30COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006995C5 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B0F47 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 389COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B5AA9 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 186COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B8A61 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 124COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E2716 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EC27D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 114windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E6E71 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 92memoryCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070304E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90networkCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00713EB8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 89windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00714653 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 87windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007137B7 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007141EB Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E2F52 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00715882 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E007F Relevance: 6.3, APIs: 4, Instructions: 322COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0070342E Relevance: 6.3, APIs: 4, Instructions: 257COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E0436 Relevance: 6.2, APIs: 4, Instructions: 230COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00716278 Relevance: 6.1, APIs: 4, Instructions: 138COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006BB41F Relevance: 6.1, APIs: 4, Instructions: 133COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F56D9 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007152C1 Relevance: 6.1, APIs: 4, Instructions: 104windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00717674 Relevance: 6.1, APIs: 4, Instructions: 102windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007116DA Relevance: 6.1, APIs: 4, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00718FC9 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006ED2C1 Relevance: 6.1, APIs: 4, Instructions: 78COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1571 Relevance: 6.1, APIs: 4, Instructions: 78memoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00712782 Relevance: 6.1, APIs: 4, Instructions: 75COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E78F5 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 71stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00717CC2 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00715660 Relevance: 6.1, APIs: 4, Instructions: 67windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B1D09 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1A27 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EE1D6 Relevance: 6.1, APIs: 4, Instructions: 55synchronizationthreadwindowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006AD1CC Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00719EF3 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0068600E Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006B3073 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006EB0A8 Relevance: 6.0, APIs: 4, Instructions: 50sleepCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00717E14 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00718863 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006998B0 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E162B Relevance: 6.0, APIs: 4, Instructions: 22threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006DD858 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006DD86C Relevance: 6.0, APIs: 4, Instructions: 18COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006F4D87 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 230shareCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0069F291 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006FD0F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00714537 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 007131EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006FCD1E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66networkCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00713429 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1CDE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1BD8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E1D68 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 46windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00718172 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40processCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 006E0B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00712356 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00712322 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|