Windows
Analysis Report
yUgCaQhCIc.exe
Overview
General Information
Sample name: | yUgCaQhCIc.exe (renamed because original name is a hash value) |
Original sample name: | virussign.com_5da47991f8da648663063560b0182040.exe |
Analysis ID: | 1638022 |
MD5: | 5da47991f8da648663063560b0182040 |
SHA1: | a23ba563cd76be2e6324733fd93725365e1af593 |
SHA256: | faa5c705f7a92dbc2bedd76bb8eb4f0f002389d16d1362ebee36eeffcf969a87 |
Tags: | adware, exe, user-2huMarisa |
Infos: | |
Detection
Score: | 60 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- yUgCaQhCIc.exe (PID: 8024 cmdline: "C:\Users\user\Desktop\yUgCaQhCIc.exe" MD5: 5DA47991F8DA648663063560B0182040)
- chrome.exe (PID: 7380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://pf.toggle.com/s/2/7/27628-248567-nero-burning-rom.exe?iv=2012102621&t=1741918519 MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 6880 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1952,i,11198765942731370173,6395002494660126068,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2092 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
- chrome.exe (PID: 6848 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1952,i,11198765942731370173,6395002494660126068,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5044 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
- cleanup
- AV Detection
- Compliance
- Spreading
- Networking
- Key, Mouse, Clipboard, Microphone and Screen Capturing
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
AV Detection |
---|
Source: | Avira: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00405D07 | |
Source: | Code function: | 0_2_00405331 | |
Source: | Code function: | 0_2_0040263E |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | Code function: | 0_2_00404EE8 |
Source: | Code function: | 0_2_004030FA |
Source: | File created: | Jump to behavior |
Source: | File deleted: | Jump to behavior |
Source: | Code function: | 0_2_00406128 | |
Source: | Code function: | 0_2_004046F9 | |
Source: | Code function: | 0_2_004068FF |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_004041FC |
Source: | Code function: | 0_2_00402020 |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | String found in binary or memory: | ||
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File written: | Jump to behavior |
Source: | Window detected: |
Source: | Code function: | 0_2_00405D2E |
Persistence and Installation Behavior |
---|
Source: | Joe Sandbox AI: |
Source: | File created: | Jump to dropped file | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Code function: | 0_2_00405D07 | |
Source: | Code function: | 0_2_00405331 | |
Source: | Code function: | 0_2_0040263E |
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-3191 |
Source: | Code function: | 0_2_00405D2E |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00405A2E |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 12 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Clipboard Data | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 3 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
66% | Virustotal | Browse | ||
68% | ReversingLabs | Win32.Adware.Coupish | ||
100% | Avira | ADWARE/Adware.Gen4 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
beacons3.gvt2.com | 142.250.186.35 | true | false | high | |
google.com | 142.250.185.78 | true | false | high | |
beacons-handoff.gcp.gvt2.com | 142.251.143.67 | true | false | high | |
www.google.com | 216.58.212.164 | true | false | high | |
beacons2.gvt2.com | 216.239.32.3 | true | false | high | |
beacons.gvt2.com | 142.250.180.99 | true | false | high | |
beacons6.gvt2.com | 216.58.206.35 | true | false | high | |
download.toggle.com | unknown | unknown | false | unknown | |
beacons.gcp.gvt2.com | unknown | unknown | false | high | |
pf.toggle.com | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
216.58.212.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1638022 |
Start date and time: | 2025-03-14 03:14:17 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | yUgCaQhCIc.exe (renamed because original name is a hash value) |
Original Sample Name: | virussign.com_5da47991f8da648663063560b0182040.exe |
Detection: | MAL |
Classification: | mal60.winEXE@26/10@57/2 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.206, 142.250.184.227, 142.250.185.142, 74.125.133.84, 216.58.206.67, 74.125.206.84, 216.58.206.78, 142.250.186.46
- Excluded domains from analysis (whitelisted): clients1.google.com, ev2-ring.msedge.net, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, g.bing.com, fe3cr.delivery.mp.microsoft.com, c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Detection | Threat Name |
---|---|---|
beacons3.gvt2.com | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Invisible JS, Tycoon2FA |
 | malicious | HTMLPhisher, Mamba2FA |
 | malicious | HTMLPhisher |
 | malicious | HTMLPhisher |
beacons-handoff.gcp.gvt2.com | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
google.com | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
beacons2.gvt2.com | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\nsr39C2.tmp\InstallOptions.dll | malicious | Unknown |
 | malicious | Unknown |
 | malicious | GuLoader |
 | malicious | GuLoader |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsr39C2.tmp\BrandingURL.dll | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 3.904876158695173 |
Encrypted: | false |
SSDEEP: | 48:qnMpjVitCGEuR+BrUtDQbfwz3Aa3MAAZHMAAJb/Jb9W/Boj:zAwDlUSbIz3Aa33AZH3A5BZW/Boj |
MD5: | 71C46B663BAA92AD941388D082AF97E7 |
SHA1: | 5A9FCCE065366A526D75CC5DED9AADE7CADD6421 |
SHA-256: | BB2B9C272B8B66BC1B414675C2ACBA7AFAD03FFF66A63BABEE3EE57ED163D19E |
SHA-512: | 5965BD3F5369B9A1ED641C479F7B8A14AF27700D0C27D482AA8EB62ACC42F7B702B5947D82F9791B29BCBA4D46E1409244F0A8DDCE4EC75022B5E27F6D671BCE |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14848 |
Entropy (8bit): | 5.550299117674118 |
Encrypted: | false |
SSDEEP: | 192:86d+dHXLHQOPiY53uiUdigyU+WsPdc/A1A+2jwK72dwF7dBEnbok:86UdHXcIiY535zBt2jw+BEnbo |
MD5: | 325B008AEC81E5AAA57096F05D4212B5 |
SHA1: | 27A2D89747A20305B6518438EFF5B9F57F7DF5C3 |
SHA-256: | C9CD5C9609E70005926AE5171726A4142FFBCCCC771D307EFCD195DAFC1E6B4B |
SHA-512: | 18362B3AEE529A27E85CC087627ECF6E2D21196D725F499C4A185CB3A380999F43FF1833A8EBEC3F5BA1D3A113EF83185770E663854121F2D8B885790115AFDF |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 3.951555564830228 |
Encrypted: | false |
SSDEEP: | 48:iV6pAvmNC6iMPUptxEZK65x/AmvycNSmwVsOYJyvrpXptp/JvR0Jlof5d2:2811GED5ZTvycNSmwVsTJuftpZR0Sd2 |
MD5: | 9384F4007C492D4FA040924F31C00166 |
SHA1: | ABA37FAEF30D7C445584C688A0B5638F5DB31C7B |
SHA-256: | 60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5 |
SHA-512: | 68F158887E24302673227ADFFC688FD3EDABF097D7F5410F983E06C6B9C7344CA1D8A45C7FA05553ADCC5987993DF3A298763477168D4842E554C4EB93B9AAAF |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14848 |
Entropy (8bit): | 6.054982561433298 |
Encrypted: | false |
SSDEEP: | 192:tUZTobBDJ68r67wmsvJI5ad9cXzFOVu+mZ/P3p+57CvpVqDxVp01Dwn2GRPgsfA:6Bo/680dCI5adOjFOg9//p27uNw2Go |
MD5: | A5F8399A743AB7F9C88C645C35B1EBB5 |
SHA1: | 168F3C158913B0367BF79FA413357FBE97018191 |
SHA-256: | DACC88A12D3BA438FDAE3535DC7A5A1D389BCE13ADC993706424874A782E51C9 |
SHA-512: | 824E567F5211BF09C7912537C7836D761B0934207612808E9A191F980375C6A97383DBC6B4A7121C6B5F508CBFD7542A781D6B6B196CA24841F73892EEC5E977 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.568877095847681 |
Encrypted: | false |
SSDEEP: | 192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw |
MD5: | C17103AE9072A06DA581DEC998343FC1 |
SHA1: | B72148C6BDFAADA8B8C3F950E610EE7CF1DA1F8D |
SHA-256: | DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F |
SHA-512: | D32A71AAEF18E993F28096D536E41C4D016850721B31171513CE28BBD805A54FD290B7C3E9D935F72E676A1ACFB4F0DCC89D95040A0DD29F2B6975855C18986F |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 17408 |
Entropy (8bit): | 6.099808235627472 |
Encrypted: | false |
SSDEEP: | 384:w9JzaeWrF8d22hXAGFkr2WqErkuCYMAWS5Ns8AXXki:wLaBrrTXr3qruCYuS5qk |
MD5: | 09CAF01BC8D88EEB733ABC161ACFF659 |
SHA1: | B8C2126D641F88628C632DD2259686DA3776A6DA |
SHA-256: | 3555AFE95E8BB269240A21520361677B280562B802978FCCFB27490C79B9A478 |
SHA-512: | EF1E8FC4FC8F5609483B2C459D00A47036699DFB70B6BE6F10A30C5D2FC66BAE174345BFFA9A44ABD9CA029E609FF834D701FF6A769CCA09FE5562365D5010FA |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 5.684576361538191 |
Encrypted: | false |
SSDEEP: | 384:jQB2ZUVHUxgoJX0eBA6PcH85db+ya9cC0Ac9khYLMkIX0+G5xgZmT+m//a:j/UFeJ5S6PHLNa9cFam/ |
MD5: | 50FDADDA3E993688401F6F1108FABDB4 |
SHA1: | 04A9AE55D0FB726BE49809582CEA41D75BF22A9A |
SHA-256: | 6D6DDC0D2B7D59EB91BE44939457858CED5EB23CF4AA93EF33BB600EB28DE6F6 |
SHA-512: | E9628870FEEA8C3AAEFE22A2AF41CF34B1C1778C4A0E81D069F50553CE1A23F68A0BA74B296420B2BE92425D4995A43E51C018C2E8197EC2EC39305E87C56BE8 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1086 |
Entropy (8bit): | 5.030819664305184 |
Encrypted: | false |
SSDEEP: | 24:yTdRvA4ehH16fL1Z7CYOJacm/iR5WvEGLOo:UXeB0zrCYOkninGLD |
MD5: | 0C19DA8182AEE330F78EC7FE6F37C576 |
SHA1: | 9EBF124927BECF7F315CCBBDD0E5BE4F356FD3B3 |
SHA-256: | 04A00D01021ADA2D735EFC977F4AA349CAE9F2202566F3081B963E71F734F16E |
SHA-512: | 865802732FDE7E110DBA0E8D5D1044566F7E31F5D020006DD21567E68609ED549074DAA1F301BFEE4026CEDDD564DD9315D1A372E158C1F389A28FA8F0A0CADA |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52576 |
Entropy (8bit): | 7.181750725113967 |
Encrypted: | false |
SSDEEP: | 384:0b5ZBhNII36iwq7VzVpaHsA2vxM+5GVTfoeydiszl:2XR360JzVpaHsAI75GRfovcs5 |
MD5: | 9E4CD80A60DB6947642677BF31A10906 |
SHA1: | FEEDC432DF18B13FFBA2B7478347D885861701FA |
SHA-256: | A7B2F12E01CBEA88D4F645F797F2CA6107D76AE13CD1BE6DC532B759BFE0D925 |
SHA-512: | A02AE76B7A5DF03A149A0B9C9EFD314B8646B829B930233D0CEA8B619B21720B383F92BE95838310E7F1C4183D256823A96E48866B65AC7D2141ED4254AE471A |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1017 |
Entropy (8bit): | 4.999544240031993 |
Encrypted: | false |
SSDEEP: | 24:44vkCYb2ilaRA1ObQJogNobwxzffNU1hok:1uioaRUOs3Ywx7Fw |
MD5: | F8457FFA09847C92DD2987F4A4D410C5 |
SHA1: | 6E56AC6D1B5D24E4BD9DACC424800684AE614E48 |
SHA-256: | 2594C5CD66BB413435A9B66E5F66C7D84B1958FEF8A0F94D0D2DE43BC884F0CD |
SHA-512: | EBD522449391E99EAA79610553020A14466D51106ED591EF015D012117A5B5586E119E80D1D28C17DC0EF64472E5D3B4D603C662DCDF78160E51C70EEEC0FCA0 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.069988993142582 |
TrID: |
|
File name: | yUgCaQhCIc.exe |
File size: | 509'160 bytes |
MD5: | 5da47991f8da648663063560b0182040 |
SHA1: | a23ba563cd76be2e6324733fd93725365e1af593 |
SHA256: | faa5c705f7a92dbc2bedd76bb8eb4f0f002389d16d1362ebee36eeffcf969a87 |
SHA512: | 300346f9217da6ae844552e549c7d383057dcfc71ea097abebd804887caa6d89da3aa5159fa13208a14588c7baf668217e17fd224f00621769f1d4e5d9e66c28 |
SSDEEP: | 6144:+e34R2aWNzh36dqXEVTrnCRZG/t7FTBqTzP7n7O7L6K2Bfo7pu:w2Zzh36VVTGf0ZTsnz7O7L6ju7pu |
TLSH: | 52B48D70BA40E87EC35C88389055DB5997F954B1AF9000A3333E6A8D1E792A25D67FCF |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i........................PE..L......K.................^......... |
Icon Hash: | 0771ccf8d84d2907 |
Entrypoint: | 0x4030fa |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4B1AE3CC [Sat Dec 5 22:50:52 2009 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7fa974366048f9c551ef45714595665e |
Signature Valid: | false |
Signature Issuer: | CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US |
Signature Validation Error: | A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file |
Error Number: | -2146762495 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | A8CDD9736D88F45575E5B95637CDC8D0 |
Thumbprint SHA-1: | E848EDD1A697C297A97C9ABDCF563CDBFF870AC1 |
Thumbprint SHA-256: | 70B243B6B417FB12B43B10F2A41353EBBF4E0CE0C6D5D90090A368ABD4190695 |
Serial: | 1E478AE33382A025ECAE98EF6ADEE5BB |
Instruction |
---|
sub esp, 00000180h |
push ebx |
push ebp |
push esi |
xor ebx, ebx |
push edi |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409160h |
xor esi, esi |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [00407030h] |
push 00008001h |
call dword ptr [004070B0h] |
push ebx |
call dword ptr [0040727Ch] |
push 00000008h |
mov dword ptr [0042EC18h], eax |
call 00007FD9553CDB36h |
mov dword ptr [0042EB64h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 00000160h |
push eax |
push ebx |
push 00428F98h |
call dword ptr [00407158h] |
push 00409154h |
push 0042E360h |
call 00007FD9553CD7E9h |
call dword ptr [004070ACh] |
mov edi, 00434000h |
push eax |
push edi |
call 00007FD9553CD7D7h |
push ebx |
call dword ptr [0040710Ch] |
cmp byte ptr [00434000h], 00000022h |
mov dword ptr [0042EB60h], eax |
mov eax, edi |
jne 00007FD9553CAF4Ch |
mov byte ptr [esp+14h], 00000022h |
mov eax, 00434001h |
push dword ptr [esp+14h] |
push eax |
call 00007FD9553CD2CAh |
push eax |
call dword ptr [0040721Ch] |
mov dword ptr [esp+1Ch], eax |
jmp 00007FD9553CAFA5h |
cmp cl, 00000020h |
jne 00007FD9553CAF48h |
inc eax |
cmp byte ptr [eax], 00000020h |
je 00007FD9553CAF3Ch |
cmp byte ptr [eax], 00000022h |
mov byte ptr [eax+eax+00h], 00000000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74b0 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4b000 | 0x40a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x7b550 | 0xf98 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x28c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5c4c | 0x5e00 | 856b32eb77dfd6fb67f21d6543272da5 | False | 0.6697140957446809 | data | 6.440105549497952 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x129c | 0x1400 | dc77f8a1e6985a4361c55642680ddb4f | False | 0.43359375 | data | 5.046835307909969 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x25c58 | 0x400 | 7922d4ce117d7d5b3ac2cffe4b0b5e4f | False | 0.5849609375 | data | 4.801003752715384 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2f000 | 0x1c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x4b000 | 0x40a0 | 0x4200 | cf27236773cd963031f4b0529156af5f | False | 0.6234019886363636 | data | 5.9631815145141 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x4b2b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.7213883677298312 |
RT_ICON | 0x4c358 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colors | English | United States | 0.6751066098081023 |
RT_ICON | 0x4d200 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States | 0.7851985559566786 |
RT_ICON | 0x4daa8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.6560693641618497 |
RT_ICON | 0x4e010 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8031914893617021 |
RT_ICON | 0x4e478 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3118279569892473 |
RT_ICON | 0x4e760 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.36824324324324326 |
RT_DIALOG | 0x4e888 | 0x202 | data | English | United States | 0.38910505836575876 |
RT_DIALOG | 0x4ea90 | 0xf8 | data | English | United States | 0.6290322580645161 |
RT_DIALOG | 0x4eb88 | 0xee | data | English | United States | 0.6260504201680672 |
RT_GROUP_ICON | 0x4ec78 | 0x68 | data | English | United States | 0.6634615384615384 |
RT_MANIFEST | 0x4ece0 | 0x3c0 | XML 1.0 document, ASCII text, with very long lines (960), with no line terminators | English | United States | 0.5197916666666667 |
DLL | Import |
---|---|
KERNEL32.dll | CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA |
USER32.dll | EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow |
GDI32.dll | SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject |
SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation |
ADVAPI32.dll | RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance |
VERSION.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Download Network PCAP: filtered – full
- Total Packets: 236
Mar 14, 2025 03:16:09.597762108 CET | 443 | 58593 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:09.613548994 CET | 58594 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 03:16:09.613605976 CET | 443 | 58594 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:09.613683939 CET | 58594 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 03:16:09.614070892 CET | 58594 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 03:16:09.614087105 CET | 443 | 58594 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:09.614474058 CET | 443 | 58594 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:09.647711992 CET | 58595 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 03:16:09.647739887 CET | 443 | 58595 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:09.647814035 CET | 58595 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 03:16:09.648140907 CET | 58595 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 03:16:09.648153067 CET | 443 | 58595 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:09.648493052 CET | 443 | 58595 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:09.670454979 CET | 58596 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 03:16:09.670478106 CET | 443 | 58596 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:09.670547009 CET | 58596 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 03:16:09.670918941 CET | 58596 | 443 | 192.168.2.5 | 4.175.87.197 |
Mar 14, 2025 03:16:09.670929909 CET | 443 | 58596 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:09.671258926 CET | 443 | 58596 | 4.175.87.197 | 192.168.2.5 |
Mar 14, 2025 03:16:26.680672884 CET | 58606 | 443 | 192.168.2.5 | 216.58.212.164 |
Mar 14, 2025 03:16:26.680716991 CET | 443 | 58606 | 216.58.212.164 | 192.168.2.5 |
Mar 14, 2025 03:16:26.680778980 CET | 58606 | 443 | 192.168.2.5 | 216.58.212.164 |
Mar 14, 2025 03:16:26.681106091 CET | 58606 | 443 | 192.168.2.5 | 216.58.212.164 |
Mar 14, 2025 03:16:26.681117058 CET | 443 | 58606 | 216.58.212.164 | 192.168.2.5 |
Mar 14, 2025 03:16:26.881050110 CET | 443 | 58606 | 216.58.212.164 | 192.168.2.5 |
Mar 14, 2025 03:16:26.881870985 CET | 58607 | 443 | 192.168.2.5 | 216.58.212.164 |
Mar 14, 2025 03:16:26.881912947 CET | 443 | 58607 | 216.58.212.164 | 192.168.2.5 |
Mar 14, 2025 03:16:26.881992102 CET | 58607 | 443 | 192.168.2.5 | 216.58.212.164 |
Mar 14, 2025 03:16:26.882332087 CET | 58607 | 443 | 192.168.2.5 | 216.58.212.164 |
Mar 14, 2025 03:16:26.882344961 CET | 443 | 58607 | 216.58.212.164 | 192.168.2.5 |
Mar 14, 2025 03:16:27.081847906 CET | 443 | 58607 | 216.58.212.164 | 192.168.2.5 |
Mar 14, 2025 03:16:51.476022959 CET | 58512 | 80 | 192.168.2.5 | 184.30.131.245 |
Mar 14, 2025 03:16:51.476025105 CET | 58503 | 443 | 192.168.2.5 | 20.190.159.64 |
Mar 14, 2025 03:16:51.476104975 CET | 58514 | 80 | 192.168.2.5 | 184.30.131.245 |
Mar 14, 2025 03:16:51.476119995 CET | 58506 | 443 | 192.168.2.5 | 20.190.159.64 |
Mar 14, 2025 03:16:51.476171017 CET | 58504 | 443 | 192.168.2.5 | 20.190.159.64 |
Mar 14, 2025 03:16:51.476177931 CET | 58515 | 80 | 192.168.2.5 | 184.30.131.245 |
Mar 14, 2025 03:16:51.476233006 CET | 58513 | 80 | 192.168.2.5 | 184.30.131.245 |
Mar 14, 2025 03:16:51.476233959 CET | 58505 | 443 | 192.168.2.5 | 20.190.159.64 |
Mar 14, 2025 03:16:51.476279020 CET | 58507 | 80 | 192.168.2.5 | 88.221.110.91 |
Mar 14, 2025 03:16:51.476330996 CET | 58508 | 80 | 192.168.2.5 | 88.221.110.91 |
Mar 14, 2025 03:16:51.476372004 CET | 58509 | 80 | 192.168.2.5 | 88.221.110.91 |
Mar 14, 2025 03:16:51.476413012 CET | 58510 | 80 | 192.168.2.5 | 88.221.110.91 |
Mar 14, 2025 03:16:51.480885029 CET | 80 | 58512 | 184.30.131.245 | 192.168.2.5 |
Mar 14, 2025 03:16:51.480954885 CET | 58512 | 80 | 192.168.2.5 | 184.30.131.245 |
Mar 14, 2025 03:16:51.482279062 CET | 443 | 58503 | 20.190.159.64 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482351065 CET | 443 | 58506 | 20.190.159.64 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482351065 CET | 58503 | 443 | 192.168.2.5 | 20.190.159.64 |
Mar 14, 2025 03:16:51.482362032 CET | 80 | 58514 | 184.30.131.245 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482371092 CET | 443 | 58504 | 20.190.159.64 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482383966 CET | 80 | 58515 | 184.30.131.245 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482414007 CET | 58506 | 443 | 192.168.2.5 | 20.190.159.64 |
Mar 14, 2025 03:16:51.482420921 CET | 58514 | 80 | 192.168.2.5 | 184.30.131.245 |
Mar 14, 2025 03:16:51.482444048 CET | 443 | 58505 | 20.190.159.64 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482449055 CET | 58504 | 443 | 192.168.2.5 | 20.190.159.64 |
Mar 14, 2025 03:16:51.482455015 CET | 80 | 58513 | 184.30.131.245 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482461929 CET | 58515 | 80 | 192.168.2.5 | 184.30.131.245 |
Mar 14, 2025 03:16:51.482465029 CET | 80 | 58507 | 88.221.110.91 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482502937 CET | 58505 | 443 | 192.168.2.5 | 20.190.159.64 |
Mar 14, 2025 03:16:51.482511997 CET | 58513 | 80 | 192.168.2.5 | 184.30.131.245 |
Mar 14, 2025 03:16:51.482526064 CET | 58507 | 80 | 192.168.2.5 | 88.221.110.91 |
Mar 14, 2025 03:16:51.482542038 CET | 80 | 58508 | 88.221.110.91 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482552052 CET | 80 | 58509 | 88.221.110.91 | 192.168.2.5 |
Mar 14, 2025 03:16:51.482585907 CET | 58508 | 80 | 192.168.2.5 | 88.221.110.91 |
Mar 14, 2025 03:16:51.482599974 CET | 58509 | 80 | 192.168.2.5 | 88.221.110.91 |
Mar 14, 2025 03:16:51.485512018 CET | 80 | 58510 | 88.221.110.91 | 192.168.2.5 |
Mar 14, 2025 03:16:51.485579014 CET | 58510 | 80 | 192.168.2.5 | 88.221.110.91 |
Mar 14, 2025 03:16:54.840775967 CET | 58522 | 443 | 192.168.2.5 | 95.100.70.200 |
Mar 14, 2025 03:16:54.845773935 CET | 443 | 58522 | 95.100.70.200 | 192.168.2.5 |
Mar 14, 2025 03:16:54.845863104 CET | 58522 | 443 | 192.168.2.5 | 95.100.70.200 |
Mar 14, 2025 03:16:56.366710901 CET | 58526 | 443 | 192.168.2.5 | 95.100.70.200 |
Mar 14, 2025 03:16:56.371653080 CET | 443 | 58526 | 95.100.70.200 | 192.168.2.5 |
Mar 14, 2025 03:16:56.371805906 CET | 58526 | 443 | 192.168.2.5 | 95.100.70.200 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mar 14, 2025 03:15:22.958230019 CET | 192.168.2.5 | 1.1.1.1 | c23e | (Port unreachable) | Destination Unreachable |
Mar 14, 2025 03:16:01.069555998 CET | 192.168.2.5 | 1.1.1.1 | c23e | (Port unreachable) | Destination Unreachable |
Mar 14, 2025 03:17:01.174407005 CET | 192.168.2.5 | 1.1.1.1 | c23e | (Port unreachable) | Destination Unreachable |
Mar 14, 2025 03:17:20.051840067 CET | 1.1.1.1 | 192.168.2.5 | 0xfdc9 | No error (0) | 142.250.184.195 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 22:15:13 |
Start date: | 13/03/2025 |
Path: | C:\Users\user\Desktop\yUgCaQhCIc.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 509'160 bytes |
MD5 hash: | 5DA47991F8DA648663063560B0182040 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 22:15:19 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff68cc40000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 22:15:20 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff68cc40000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 3 |
Start time: | 22:15:24 |
Start date: | 13/03/2025 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff68cc40000 |
File size: | 3'388'000 bytes |
MD5 hash: | E81F54E6C1129887AEA47E7D092680BF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 25% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 22.6% |
Total number of Nodes: | 1216 |
Total number of Limit Nodes: | 43 |