Edit tour
Windows
Analysis Report
file.exe
Overview
General Information
| Sample name: | file.exe |
| Analysis ID: | 1520476 |
| MD5: | 4d4ce788750f2f654e42e6bfccde419c |
| SHA1: | 33f56a257b9af1d77c085413be668c5d24f9b2e7 |
| SHA256: | d8ee72c297423711a6580c3bbcaa8e335459fd111352cf024e662d363752097a |
| Tags: | exeuser-Bitsight |
| Infos: | |
 | |
Detection
| Score: | 68 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of debugger detection
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
file.exe (PID: 7408 cmdline: "C:\Users\ user\Deskt op\file.ex e" MD5: 4D4CE788750F2F654E42E6BFCCDE419C) 
chrome.exe (PID: 7484 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ki osk https: //youtube. com/accoun t?=https:/ /accounts. google.com /v3/signin /challenge /pwd MD5: 5BBFA6CBDF4C254EB368D534F9E23C92) - chrome.exe (PID: 7688 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2172 --fi eld-trial- handle=199 2,i,163185 6487175886 1565,14889 9313424323 50397,2621 44 /prefet ch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92) - chrome.exe (PID: 4516 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= audio.mojo m.AudioSer vice --lan g=en-US -- service-sa ndbox-type =audio --m ojo-platfo rm-channel -handle=53 12 --field -trial-han dle=1992,i ,163185648 7175886156 5,14889931 3424323503 97,262144 /prefetch: 8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92) - chrome.exe (PID: 6068 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= video_capt ure.mojom. VideoCaptu reService --lang=en- US --servi ce-sandbox -type=none --mojo-pl atform-cha nnel-handl e=5476 --f ield-trial -handle=19 92,i,16318 5648717588 61565,1488 9931342432 350397,262 144 /prefe tch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Suricata rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_0020DBBE | |
| Source: | Code function: | 0_2_001DC2A2 | |
| Source: | Code function: | 0_2_002168EE | |
| Source: | Code function: | 0_2_0021698F | |
| Source: | Code function: | 0_2_0020D076 | |
| Source: | Code function: | 0_2_0020D3A9 | |
| Source: | Code function: | 0_2_00219642 | |
| Source: | Code function: | 0_2_0021979D | |
| Source: | Code function: | 0_2_00219B2B | |
| Source: | Code function: | 0_2_00215C97 | |
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 0_2_0021CE44 | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_0021EAFF | |
| Source: | Code function: | 0_2_0021ED6A | |
| Source: | Code function: | 0_2_0021EAFF | |
| Source: | Code function: | 0_2_0020AA57 | |
| Source: | Binary or memory string: | memstr_6f8e99a9-c | |
| Source: | Code function: | 0_2_00239576 | |
System Summary | |
|---|
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | memstr_54778cd1-a | |
| Source: | String found in binary or memory: | memstr_986359d1-0 | |
| Source: | String found in binary or memory: | memstr_44870cf4-6 | |
| Source: | String found in binary or memory: | memstr_d0a502b5-0 | |
| Source: | Code function: | 0_2_0020D5EB | |
| Source: | Code function: | 0_2_00201201 | |
| Source: | Code function: | 0_2_0020E8F6 | |
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File deleted: | Jump to behavior | ||
| Source: | Code function: | 0_2_001ABF40 | |
| Source: | Code function: | 0_2_00212046 | |
| Source: | Code function: | 0_2_001A8060 | |
| Source: | Code function: | 0_2_00208298 | |
| Source: | Code function: | 0_2_001DE4FF | |
| Source: | Code function: | 0_2_001D676B | |
| Source: | Code function: | 0_2_00234873 | |
| Source: | Code function: | 0_2_001CCAA0 | |
| Source: | Code function: | 0_2_001ACAF0 | |
| Source: | Code function: | 0_2_001BCC39 | |
| Source: | Code function: | 0_2_001D6DD9 | |
| Source: | Code function: | 0_2_001BB119 | |
| Source: | Code function: | 0_2_001A91C0 | |
| Source: | Code function: | 0_2_001C1394 | |
| Source: | Code function: | 0_2_001C1706 | |
| Source: | Code function: | 0_2_001C781B | |
| Source: | Code function: | 0_2_001A7920 | |
| Source: | Code function: | 0_2_001B997D | |
| Source: | Code function: | 0_2_001C19B0 | |
| Source: | Code function: | 0_2_001C7A4A | |
| Source: | Code function: | 0_2_001C1C77 | |
| Source: | Code function: | 0_2_001C7CA7 | |
| Source: | Code function: | 0_2_0022BE44 | |
| Source: | Code function: | 0_2_001D9EEE | |
| Source: | Code function: | 0_2_001C1F32 | |
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_002137B5 | |
| Source: | Code function: | 0_2_002010BF | |
| Source: | Code function: | 0_2_002016C3 | |
| Source: | Code function: | 0_2_002151CD | |
| Source: | Code function: | 0_2_0022A67C | |
| Source: | Code function: | 0_2_0021648E | |
| Source: | Code function: | 0_2_001A42A2 | |
| Source: | Static PE information: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_001A42DE | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_001C0A89 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Code function: | 0_2_001BF98E | |
| Source: | Code function: | 0_2_00231C41 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | Sandbox detection routine: | graph_0-98537 | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Thread sleep count: | Jump to behavior | ||
| Source: | Code function: | 0_2_0020DBBE | |
| Source: | Code function: | 0_2_001DC2A2 | |
| Source: | Code function: | 0_2_002168EE | |
| Source: | Code function: | 0_2_0021698F | |
| Source: | Code function: | 0_2_0020D076 | |
| Source: | Code function: | 0_2_0020D3A9 | |
| Source: | Code function: | 0_2_00219642 | |
| Source: | Code function: | 0_2_0021979D | |
| Source: | Code function: | 0_2_00219B2B | |
| Source: | Code function: | 0_2_00215C97 | |
| Source: | Code function: | 0_2_001A42DE | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Anti Debugging | |
|---|
| Source: | Debugger detection routine: | graph_0-97073 | ||
| Source: | Code function: | 0_2_0021EAA2 | |
| Source: | Code function: | 0_2_001D2622 | |
| Source: | Code function: | 0_2_001A42DE | |
| Source: | Code function: | 0_2_001C4CE8 | |
| Source: | Code function: | 0_2_00200B62 | |
| Source: | Code function: | 0_2_001D2622 | |
| Source: | Code function: | 0_2_001C083F | |
| Source: | Code function: | 0_2_001C09D5 | |
| Source: | Code function: | 0_2_001C0C21 | |
| Source: | Code function: | 0_2_00201201 | |
| Source: | Code function: | 0_2_001E2BA5 | |
| Source: | Code function: | 0_2_0020B226 | |
| Source: | Code function: | 0_2_002222DA | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00200B62 | |
| Source: | Code function: | 0_2_00201663 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_001C0698 | |
| Source: | Code function: | 0_2_00218195 | |
| Source: | Code function: | 0_2_001FD27A | |
| Source: | Code function: | 0_2_001DB952 | |
| Source: | Code function: | 0_2_001A42DE | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_00221204 | |
| Source: | Code function: | 0_2_00221806 | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 31 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 31 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 1 File Deletion | LSA Secrets | 221 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Masquerading | Cached Domain Credentials | 22 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Valid Accounts | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Virtualization/Sandbox Evasion | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 21 Access Token Manipulation | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 12 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 29% | ReversingLabs | |||
| 100% | Joe Sandbox ML |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| youtube-ui.l.google.com | 142.250.185.110 | true | false | unknown | |
| www3.l.google.com | 142.250.185.206 | true | false | unknown | |
| play.google.com | 216.58.206.78 | true | false | unknown | |
| www.google.com | 142.250.186.68 | true | false | unknown | |
| youtube.com | 142.250.186.46 | true | false | unknown | |
| accounts.youtube.com | unknown | unknown | false | unknown | |
| www.youtube.com | unknown | unknown | false | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | unknown | ||
| false | unknown | ||
| false | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false | unknown | |||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 142.250.186.46 | youtube.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.186.68 | www.google.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.185.206 | www3.l.google.com | United States | 15169 | GOOGLEUS | false | |
| 216.58.206.78 | play.google.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.185.110 | youtube-ui.l.google.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.181.238 | unknown | United States | 15169 | GOOGLEUS | false | |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| IP |
|---|
| 192.168.2.7 |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1520476 |
| Start date and time: | 2024-09-27 11:28:20 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 18s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 14 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | file.exe |
| Detection: | MAL |
| Classification: | mal68.evad.winEXE@38/41@12/8 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.67, 142.250.184.238, 108.177.15.84, 34.104.35.123, 142.250.186.99, 142.250.181.234, 216.58.212.170, 142.250.74.202, 142.250.186.42, 142.250.184.234, 142.250.186.106, 216.58.206.42, 172.217.16.138, 172.217.18.10, 172.217.16.202, 172.217.18.106, 142.250.184.202, 142.250.186.74, 142.250.186.170, 142.250.186.138, 216.58.206.74, 142.250.185.74, 142.250.185.170, 142.250.185.138, 142.250.185.202, 142.250.185.234, 142.250.185.106, 93.184.221.240, 142.250.181.227, 142.251.173.84, 216.58.212.174
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: file.exe
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 239.255.255.250 | Get hash | malicious | Amadey, Stealc | Browse | ||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HtmlDropper | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Amadey, Stealc | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_821695454\Google.Widevine.CDM.dll | Get hash | malicious | HtmlDropper | Browse | ||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_659994726\LICENSE
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1558 |
| Entropy (8bit): | 5.11458514637545 |
| Encrypted: | false |
| SSDEEP: | 48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH |
| MD5: | EE002CB9E51BB8DFA89640A406A1090A |
| SHA1: | 49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2 |
| SHA-256: | 3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B |
| SHA-512: | D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_659994726\_metadata\verified_contents.json
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1864 |
| Entropy (8bit): | 6.021127689065198 |
| Encrypted: | false |
| SSDEEP: | 48:p/hUI1atAdI567akUmYWEFw/3+ovGJ4F3jkZUbvzk98g5m7:RnYQI47avYUwvVGJ41jkZIzxgA7 |
| MD5: | 68E6B5733E04AB7BF19699A84D8ABBC2 |
| SHA1: | 1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0 |
| SHA-256: | F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709 |
| SHA-512: | 9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_659994726\manifest.fingerprint
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66 |
| Entropy (8bit): | 3.9159446964030753 |
| Encrypted: | false |
| SSDEEP: | 3:Sq5TQRaELVHecsUDBAeHD5k:Sq5gJ+csHej5k |
| MD5: | CFB54589424206D0AE6437B5673F498D |
| SHA1: | D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609 |
| SHA-256: | 285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C |
| SHA-512: | 70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_659994726\manifest.json
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 85 |
| Entropy (8bit): | 4.4533115571544695 |
| Encrypted: | false |
| SSDEEP: | 3:rR6TAulhFphifFCmMARWHJqS1tean:F6VlM8aRWpqS1ln |
| MD5: | C3419069A1C30140B77045ABA38F12CF |
| SHA1: | 11920F0C1E55CADC7D2893D1EEBB268B3459762A |
| SHA-256: | DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F |
| SHA-512: | C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1 |
| Malicious: | false |
| Preview: |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_659994726\sets.json
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9748 |
| Entropy (8bit): | 4.629326694042306 |
| Encrypted: | false |
| SSDEEP: | 96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5C4ql7BkIVmtRTGXvcxBsq |
| MD5: | EEA4913A6625BEB838B3E4E79999B627 |
| SHA1: | 1B4966850F1B117041407413B70BFA925FD83703 |
| SHA-256: | 20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C |
| SHA-512: | 31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004 |
| Malicious: | false |
| Preview: |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_821695454\Google.Widevine.CDM.dll 
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2877728 |
| Entropy (8bit): | 6.868480682648069 |
| Encrypted: | false |
| SSDEEP: | 49152:GB6BoH5sOI2CHusbKOdskuoHHVjcY94RNETO2WYA4oPToqnQ3dK5zuqvGKGxofFo:M67hlnVjcYGRNETO2WYA4oLoqnJuZI5 |
| MD5: | 477C17B6448695110B4D227664AA3C48 |
| SHA1: | 949FF1136E0971A0176F6ADEA8ADCC0DD6030F22 |
| SHA-256: | CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E |
| SHA-512: | 1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_821695454\_metadata\verified_contents.json
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1778 |
| Entropy (8bit): | 6.02086725086136 |
| Encrypted: | false |
| SSDEEP: | 48:p/hCdQAdJjRkakCi0LXjX9mqjW6JmfQkNWQzXXf2gTs:RtQ1aaxXrjW6JuQEWQKas |
| MD5: | 3E839BA4DA1FFCE29A543C5756A19BDF |
| SHA1: | D8D84AC06C3BA27CCEF221C6F188042B741D2B91 |
| SHA-256: | 43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729 |
| SHA-512: | 19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB |
| Malicious: | false |
| Preview: |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_821695454\manifest.fingerprint
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 66 |
| Entropy (8bit): | 3.974403644129192 |
| Encrypted: | false |
| SSDEEP: | 3:SLVV8T+WSq2ykFDJp9qBn:SLVqZS5p0B |
| MD5: | D30A5BBC00F7334EEDE0795D147B2E80 |
| SHA1: | 78F3A6995856854CAD0C524884F74E182F9C3C57 |
| SHA-256: | A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642 |
| SHA-512: | DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B |
| Malicious: | false |
| Preview: |
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping7484_821695454\manifest.json
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 145 |
| Entropy (8bit): | 4.595307058143632 |
| Encrypted: | false |
| SSDEEP: | 3:rR6TAulhFphifFooG+HhFFKS18CWjhXLXGPQ3TRpvF/FHddTcplFHddTcVYA:F6VlM5PpKS18hRIA |
| MD5: | BBC03E9C7C5944E62EFC9C660B7BD2B6 |
| SHA1: | 83F161E3F49B64553709994B048D9F597CDE3DC6 |
| SHA-256: | 6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28 |
| SHA-512: | FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 4070 |
| Entropy (8bit): | 5.362700670482359 |
| Encrypted: | false |
| SSDEEP: | 96:GUpT+TmXtdW1qsHFcn7t7CnyWYvNTcLaQOw:lpT+qXW1PFcn7tGnyWY1TGb |
| MD5: | ED368A20CB303C0E7C6A3E6E43C2E14F |
| SHA1: | 429A5C538B45221F80405163D1F87912DD73C05A |
| SHA-256: | 93BA77AD4B11E0A70C0D36576F0DF24E27F50001EA02BAA6D357E034532D97F2 |
| SHA-512: | DE74BBADE910475DD245FFEFD4E1FD10137DE710B1C920D33BA52554911496E1339EF3C1F6D9D315CBC98A60ABE5687A3E7D8BEE483708E18D25722E794BDBE9 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZfAoz,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 32499 |
| Entropy (8bit): | 5.361345284201954 |
| Encrypted: | false |
| SSDEEP: | 768:mLX1O+aL6fgyIiREM4RKmh90toLoTswtF3ATcbDR6kIsnJd9DPyMv/FI:U2M4oltoLoTswtFoc/tIsnXFLI |
| MD5: | D5C3FB8EAE24AB7E40009338B5078496 |
| SHA1: | 5638BF5986A6445A88CD79A9B690B744B126BEC2 |
| SHA-256: | 597C14D360D690BCFDC2B8D315E6BB8879AEF33DE6C30D274743079BDB63C6B0 |
| SHA-512: | 6AE434850D473BEF15AA694AB4862596982CDDA6BD3991991D3ADD8F4A5F61DFBF8756D0DA98B72EF083909D68CF7B6B148A6488E9381F92FBF15CCB20176A0E |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 1416 |
| Entropy (8bit): | 5.299417038163051 |
| Encrypted: | false |
| SSDEEP: | 24:kMYD7JqrxsNL90YIzFK/Hb5eNhz1uktdDuvKKKGbLZ99GbSSF/ZR8OkdnprGJ:o7JopFN+ASCKKGbF99GbSS3RY7rw |
| MD5: | 6AEAE74D22F7C2D9658B057EA5D85069 |
| SHA1: | 2F4644F53FB4E8EC4AFD49A31C55853F062D284C |
| SHA-256: | EBFE7B5A1020808B9A02667ECC0E7E460643CBDE84F0B9C410C70A91C9726667 |
| SHA-512: | C43F067D649CBC3091B9878715F718E47CD753C860EBEB20CD387C325640C2EF3CA9556D0689852CEF667C8E83BF42568BEF33C8A92BC07FDB91CB7EA608162D |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 5430 |
| Entropy (8bit): | 3.6534652184263736 |
| Encrypted: | false |
| SSDEEP: | 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B |
| MD5: | F3418A443E7D841097C714D69EC4BCB8 |
| SHA1: | 49263695F6B0CDD72F45CF1B775E660FDC36C606 |
| SHA-256: | 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770 |
| SHA-512: | 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563 |
| Malicious: | false |
| URL: | https://www.google.com/favicon.ico |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 339369 |
| Entropy (8bit): | 5.533022690974177 |
| Encrypted: | false |
| SSDEEP: | 3072:9hFx8tVGv15Iyr4t4s2GvgHVTYDh+rvVvurtVEWzcLmLyszIm8j2kzU:9NlvE+zTYDh+rvh8cLMijFg |
| MD5: | FF16B667178352EFDF164CE3F16A8F55 |
| SHA1: | E9B1BC661337502E31306B5E7AE37D93C0551455 |
| SHA-256: | 625EC33FBA1BFF3734490AC15C8430CDB5850E9159B80F607E093BB73B7F243B |
| SHA-512: | F197393CB05F94BCEDA0FE3176842E09CFCFC2348DE22C9815DD8369D5D333038E8F93F426994482E2E9731A859FA9B6B6062BAD4AA3BFD3C0730281C4CCADB9 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 3131 |
| Entropy (8bit): | 5.3750044852869046 |
| Encrypted: | false |
| SSDEEP: | 48:o7zfN/cD498xdg+Y5jNQ8js6npwk0OmNAEZbpMzR4EQBcW5QcHj9KWfGAeFKRrw:oCD9dA5jOEGh+EFqR4rhqUhzff9w |
| MD5: | 39693D34EE3D1829DBB1627C4FC6687B |
| SHA1: | A03303C2F027F3749B48D5134D1F8FB3E495C6E9 |
| SHA-256: | 03B0C1B4E402E0BCF75D530DD9085B25357EEFD09E238453DE1F3A042542C076 |
| SHA-512: | AC0749EDC33DA0EC0E40470388DD797B6528AD08B8FAC1C2AC42F85198131052BA1B533E90409D35DA237607E8B07D591FA6BA580B6A90B0D0AB2282A01F7585 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 52280 |
| Entropy (8bit): | 7.995413196679271 |
| Encrypted: | true |
| SSDEEP: | 1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d |
| MD5: | F61F0D4D0F968D5BBA39A84C76277E1A |
| SHA1: | AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2 |
| SHA-256: | 57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC |
| SHA-512: | 6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487 |
| Malicious: | false |
| URL: | https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2 |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 1858 |
| Entropy (8bit): | 5.253939888205379 |
| Encrypted: | false |
| SSDEEP: | 48:o7BNJfeFb8L3A6FHqIy5Z+d70OCzSfvi/3fM/r8ZQzRrw:oFuILhFHrVCz0vLZz9w |
| MD5: | 10FF6F99E3228E96AFD6E2C30EF97C0A |
| SHA1: | 4AE3DCB8D1F5A0C302D5BAD9DFF5050A7A5E8130 |
| SHA-256: | 95E5546E1C7F311D07BB5050CC456A973E43BCC4777BA6014757376016537679 |
| SHA-512: | 116C0B1CAC98A27044100005545AB66BE5F4801D75DC259093A9F145B3A4ACD8DC1C360AF525F6DC8421CD54B675A78023D2ED8B57F5946A3969543758C673C9 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 22827 |
| Entropy (8bit): | 5.420322672717721 |
| Encrypted: | false |
| SSDEEP: | 384:/jqdWXWfyA20UUjDE8BSUxDJs16KHvSN34kaHaN+587SaXD2mLR0H:/jqdWXAUUjDE84Wi6KPSKjHaN+58+0J2 |
| MD5: | 2B29741A316862EE788996DD29116DD5 |
| SHA1: | 9D5551916D4452E977C39B8D69CF88DF2AAA462B |
| SHA-256: | 62955C853976B722EFBB4C116A10DB3FF54580EDD7495D280177550B8F4289AB |
| SHA-512: | 6E37C3258F07F29909763728DADE0CD40A3602D55D9099F78B37756926FCF2A50008B82876B518FEAF3E56617F0F7D1D37A73C346A99A58E6AD8BCD6689E9B15 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 358292 |
| Entropy (8bit): | 5.622523467644739 |
| Encrypted: | false |
| SSDEEP: | 3072:sy/lJpABa9hEP2iyjV5ygVLdh3YB4qyhLD6Crjyp3Sm5pnrjtuo0MpLEKusgI8sw:TyTNoygVWyhoDAMpL5gI8seqfhP3p+L |
| MD5: | 14049A4F8FB34A2FA52A0358C72B2F2E |
| SHA1: | 680985BDBE3FA830B31A9F02D40AFE925C12E70E |
| SHA-256: | 56C112F31C6F61735FE5EBD188AD0928406F04454AFEC139297328D3EE6540B4 |
| SHA-512: | 5637742A7E2936540D957BA8A09991478EF0D4C28A3DA92D5260C7D5DA7BFD20811AFA26C0B53DD88D4A536B3C40A21ACA3310EFC17508A1C806B76ACB320631 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,EFQ78c,EIOG1e,GwYlN,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,y5vRwf,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 84 |
| Entropy (8bit): | 4.875266466142591 |
| Encrypted: | false |
| SSDEEP: | 3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ |
| MD5: | 87B6333E98B7620EA1FF98D1A837A39E |
| SHA1: | 105DE6815B0885357DE1414BFC0D77FCC9E924EF |
| SHA-256: | DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA |
| SHA-512: | 867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994 |
| Malicious: | false |
| URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 3471 |
| Entropy (8bit): | 5.5174491302699495 |
| Encrypted: | false |
| SSDEEP: | 96:ojAmjTJ/fJgpIcB7Fd2tilGBEMO/A6VxV08w:vUTJpgDJXM0ApJ |
| MD5: | 2D999C87DD54C7FE6400D267C33FBB23 |
| SHA1: | 414C3A329C2760325EDBACBD7A221D7F8DBFEEE8 |
| SHA-256: | 76D55A1AFC1D39CB04D60EB04E45A538A0E75EE2871561C84CC89B1C13596BCC |
| SHA-512: | 72D923BB71DD147139962FF8E2BD0E336E0F6409C212AC2F25387D0F3B4FC9365F5A6D40E2980BB1065534888362C97D6B7663E362D29166B5915D2A9DA7D238 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,iAskyc,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 5049 |
| Entropy (8bit): | 5.317800104741948 |
| Encrypted: | false |
| SSDEEP: | 96:oHX9gPiPrfnHhsB0TR6kg1oDPJzLmM18Vh1z2fEZ54TZtnqj6w:EtEAr6BmPZtOeEvW/ncP |
| MD5: | CE53EF566B68CCF2D62FA044CFB0D138 |
| SHA1: | F48EC60289F2B55E8B388601206888F8295B1EB1 |
| SHA-256: | E6CC5114D92811D5DE0663266D4B63F367834AFA0FC3BAFA54F707038C59D010 |
| SHA-512: | 20B434881DE971E263669E6096C01665D4D35B0FBFF47D312A4A442645EE962A8CE6AD7E68246D4EE9691BD30D9B1DDCF7059226492E1B58CD3191B63B001E4D |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,iAskyc,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 603951 |
| Entropy (8bit): | 5.789949489744101 |
| Encrypted: | false |
| SSDEEP: | 3072:x0pApkygA62bwwdnO2YflNYhFGOizdGj008PpVVM96C5bMEPQUhts6FV8eKqtVAT:xlgNmwwdnOsF98oNGuQRAYqXsI1+ |
| MD5: | 036BC6CEC1912EAA63C716C2A7494AFC |
| SHA1: | C32891F55B0D7A86DCE1BDBB7B84DB21C2A09F4F |
| SHA-256: | 1A6181C3DFAEE5919CE57152DCFFCDC4B151C5FB2969CFD62168C1711FF202CF |
| SHA-512: | 0AAA2285D109114921B5FD8A15F9A3D1F218AF8C61054B3925965E6753F8A49B45798326EA986C4A6B6180B6C36292A4652E2BA730C7505684DAAA4B5C314675 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGsNipZrCRRMFQh1-tVmHSsIDzQTA/m=_b,_tp" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 9210 |
| Entropy (8bit): | 5.3872171131917925 |
| Encrypted: | false |
| SSDEEP: | 192:FK/pAzN7GZ068Hqhqu6DQaVapzYjgKItwdiwUsYRTi1j1t9bRl9:FqI7GZ04dRYjghtgisYYbt9ll9 |
| MD5: | AB70454DE18E1CE16E61EAC290FC304D |
| SHA1: | 68532B5E8B262D7E14B8F4507AA69A61146B3C18 |
| SHA-256: | B32D746867CC4FA21FD39437502F401D952D0A3E8DC708DFB7D58B85F256C0F1 |
| SHA-512: | A123C517380BEF0B47F23A5A6E1D16650FE39D9C701F9FA5ADD79294973C118E8EA3A7BA32CB63C3DFC0CE0F843FB86BFFCAA2AAE987629E7DFF84F176DEBB98 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb" |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 1652 |
| Entropy (8bit): | 5.296387798840289 |
| Encrypted: | false |
| SSDEEP: | 48:o7YNJvl3WlDQENrpB3stYCIgMxILNH/wf7DVTBpdQrw:o5fpB8iDwYlGw |
| MD5: | F18EA2D35027D6173E2864B5863CB6E3 |
| SHA1: | 1979174E786593DAFD2B23084F26332AB929216C |
| SHA-256: | 547E151C2D842255451D651B749239B28DED9F803B524A77BD1E14D878BDAF58 |
| SHA-512: | A031A439A99BCA557951A75234766033145E7D05E8453A4FE9BC0EA091E49BA59AF1479850D1E896B2D114575A80CCE111A787E7EEA9A7F288C78AD325436C18 |
| Malicious: | false |
| URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=xUdipf,OTA3Ae,A1yn5d,fKUV3e,aurFic,Ug7Xab,NwH0H,OmgaI,gychg,w9hDv,EEDORb,Mlhmy,ZfAoz,kWgXee,ovKuLd,yDVVkb,ebZ3mb,ZDZcre,A7fCU" |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.036730316410912 |
| TrID: |
|
| File name: | file.exe |
| File size: | 1'167'360 bytes |
| MD5: | 4d4ce788750f2f654e42e6bfccde419c |
| SHA1: | 33f56a257b9af1d77c085413be668c5d24f9b2e7 |
| SHA256: | d8ee72c297423711a6580c3bbcaa8e335459fd111352cf024e662d363752097a |
| SHA512: | 68869a12fe7203c3a13391c6cdc6ca271477c00a42dce3ba1ae03cfb214099ec627e01c4416dcf3d63cb030345433b138a12770020006c497deb682cb4c5e516 |
| SSDEEP: | 24576:vqDEvCTbMWu7rQYlBQcBiT6rprG8ar92+b+HdiJUK:vTvC/MTQYxsWR7ar92+b+HoJU |
| TLSH: | 8945CF027391C062FF9B92734F5AF6115BBC69260123E61F13981DBABE701B1563E7A3 |
| File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
 | |
| Icon Hash: | aaf3e3e3938382a0 |
| Entrypoint: | 0x420577 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x66F66AF9 [Fri Sep 27 08:21:13 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 1 |
| File Version Major: | 5 |
| File Version Minor: | 1 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 1 |
| Import Hash: | 948cc502fe9226992dce9417f952fce3 |
| Instruction |
|---|
| call 00007F6B7D385783h |
| jmp 00007F6B7D38508Fh |
| push ebp |
| mov ebp, esp |
| push esi |
| push dword ptr [ebp+08h] |
| mov esi, ecx |
| call 00007F6B7D38526Dh |
| mov dword ptr [esi], 0049FDF0h |
| mov eax, esi |
| pop esi |
| pop ebp |
| retn 0004h |
| and dword ptr [ecx+04h], 00000000h |
| mov eax, ecx |
| and dword ptr [ecx+08h], 00000000h |
| mov dword ptr [ecx+04h], 0049FDF8h |
| mov dword ptr [ecx], 0049FDF0h |
| ret |
| push ebp |
| mov ebp, esp |
| push esi |
| push dword ptr [ebp+08h] |
| mov esi, ecx |
| call 00007F6B7D38523Ah |
| mov dword ptr [esi], 0049FE0Ch |
| mov eax, esi |
| pop esi |
| pop ebp |
| retn 0004h |
| and dword ptr [ecx+04h], 00000000h |
| mov eax, ecx |
| and dword ptr [ecx+08h], 00000000h |
| mov dword ptr [ecx+04h], 0049FE14h |
| mov dword ptr [ecx], 0049FE0Ch |
| ret |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, ecx |
| lea eax, dword ptr [esi+04h] |
| mov dword ptr [esi], 0049FDD0h |
| and dword ptr [eax], 00000000h |
| and dword ptr [eax+04h], 00000000h |
| push eax |
| mov eax, dword ptr [ebp+08h] |
| add eax, 04h |
| push eax |
| call 00007F6B7D387E2Dh |
| pop ecx |
| pop ecx |
| mov eax, esi |
| pop esi |
| pop ebp |
| retn 0004h |
| lea eax, dword ptr [ecx+04h] |
| mov dword ptr [ecx], 0049FDD0h |
| push eax |
| call 00007F6B7D387E78h |
| pop ecx |
| ret |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, ecx |
| lea eax, dword ptr [esi+04h] |
| mov dword ptr [esi], 0049FDD0h |
| push eax |
| call 00007F6B7D387E61h |
| test byte ptr [ebp+08h], 00000001h |
| pop ecx |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x46464 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11b000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x46464 | 0x46600 | 6b40e5893997c17df36dbbb8c5b1f3b8 | False | 0.9059759380550622 | data | 7.844924514305071 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x11b000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc7b8 | 0x3d72c | data | 1.0003416874592757 | ||
| RT_GROUP_ICON | 0x119ee4 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0x119f5c | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0x119f70 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0x119f84 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0x119f98 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0x11a074 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
| DLL | Import |
|---|---|
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
| USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
| GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 27, 2024 11:29:16.513195992 CEST | 49674 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:16.513223886 CEST | 49675 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:16.669471979 CEST | 49672 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:18.154112101 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
| Sep 27, 2024 11:29:18.528851986 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
| Sep 27, 2024 11:29:18.950680017 CEST | 49671 | 443 | 192.168.2.7 | 204.79.197.203 |
| Sep 27, 2024 11:29:19.278805971 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
| Sep 27, 2024 11:29:20.778815031 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
| Sep 27, 2024 11:29:23.496731997 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:23.496761084 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:23.496810913 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:23.547241926 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:23.547266960 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:23.767832994 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
| Sep 27, 2024 11:29:24.188925028 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.189207077 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:24.189239025 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.189929962 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.189992905 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:24.191373110 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.191426992 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:24.192312956 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:24.192398071 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.192473888 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:24.192481995 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.246993065 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:24.468565941 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.468668938 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.468803883 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:24.469541073 CEST | 49701 | 443 | 192.168.2.7 | 142.250.186.46 |
| Sep 27, 2024 11:29:24.469568968 CEST | 443 | 49701 | 142.250.186.46 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.480140924 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:24.480181932 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.480375051 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:24.480565071 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:24.480583906 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.112268925 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.112574100 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:25.112590075 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.113161087 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.113230944 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:25.114201069 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.114312887 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:25.115418911 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:25.115518093 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.115672112 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:25.115690947 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.327409029 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.327500105 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:25.425338030 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.425365925 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.425429106 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:25.425446033 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.426074982 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.426129103 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:25.576018095 CEST | 49705 | 443 | 192.168.2.7 | 142.250.185.110 |
| Sep 27, 2024 11:29:25.576057911 CEST | 443 | 49705 | 142.250.185.110 | 192.168.2.7 |
| Sep 27, 2024 11:29:26.122008085 CEST | 49674 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:26.123375893 CEST | 49675 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:26.278346062 CEST | 49672 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:26.772301912 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:26.772344112 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:26.772433043 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:26.772686005 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:26.772703886 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:27.412765980 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:27.413083076 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:27.413101912 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:27.414225101 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:27.414304018 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:27.415369987 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:27.415477991 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:27.465821028 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:27.465837002 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:27.512644053 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:28.492841959 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:28.492901087 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:28.493160963 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:28.494836092 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:28.494862080 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:28.562370062 CEST | 49671 | 443 | 192.168.2.7 | 204.79.197.203 |
| Sep 27, 2024 11:29:28.731858969 CEST | 443 | 49698 | 104.98.116.138 | 192.168.2.7 |
| Sep 27, 2024 11:29:28.731957912 CEST | 49698 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:29.241168022 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.241251945 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:29.244950056 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:29.244976044 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.245234966 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.292494059 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:29.339413881 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.511322021 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.511404037 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.511455059 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:29.511583090 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:29.511603117 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.511616945 CEST | 49712 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:29.511624098 CEST | 443 | 49712 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.552614927 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:29.552666903 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.552730083 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:29.553139925 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:29.553152084 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.727377892 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
| Sep 27, 2024 11:29:30.195441961 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:30.195782900 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:30.198930979 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:30.198951006 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:30.199265003 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:30.200392962 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:30.243405104 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:30.473082066 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:30.473162889 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:30.473261118 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:30.481825113 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:30.481846094 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:30.481879950 CEST | 49714 | 443 | 192.168.2.7 | 184.28.90.27 |
| Sep 27, 2024 11:29:30.481885910 CEST | 443 | 49714 | 184.28.90.27 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.337852955 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:32.337893009 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.337968111 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:32.338255882 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:32.338263988 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.970491886 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.970824957 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:32.970848083 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.971421957 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.971509933 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:32.972629070 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.972692966 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:32.973817110 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:32.973926067 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.974000931 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:32.974011898 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.029501915 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.289228916 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.289299965 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.289347887 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.289534092 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.289561987 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.295012951 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.295141935 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.295161009 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.301222086 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.301256895 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.301323891 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.301340103 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.301386118 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.307596922 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.307687998 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.313736916 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.313821077 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.313833952 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.313886881 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.375684977 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.375745058 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.375818968 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.375848055 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.375896931 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.378465891 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.378530979 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.385934114 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.386013031 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.386029005 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.386081934 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.391012907 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.391076088 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.397166014 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.397239923 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.397249937 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.403635025 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.403717041 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.403723955 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.409774065 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.409852028 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.409859896 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.409953117 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.410000086 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.410011053 CEST | 443 | 49726 | 142.250.185.206 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.410018921 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.410043001 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.410059929 CEST | 49726 | 443 | 192.168.2.7 | 142.250.185.206 |
| Sep 27, 2024 11:29:33.468280077 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:33.468313932 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.468384027 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:33.468610048 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:33.468621969 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.543870926 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:33.543914080 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.544008017 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:33.553963900 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:33.553991079 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.099787951 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.099999905 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.100016117 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.100577116 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.100644112 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.101612091 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.101675034 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.102638006 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.102716923 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.102931023 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.102937937 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.155210018 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.213597059 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.213984013 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.214005947 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.214517117 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.214584112 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.215567112 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.215624094 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.215862036 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.215939045 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.216274023 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.216279984 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.264276028 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.376249075 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.376449108 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.376548052 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.376799107 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.376821041 CEST | 443 | 49729 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.376830101 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.376876116 CEST | 49729 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.377813101 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.377852917 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.378051043 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.378335953 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.378350019 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.495017052 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.495290995 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.495373011 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.495644093 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.495660067 CEST | 443 | 49731 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.495671988 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.495735884 CEST | 49731 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.496682882 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.496727943 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:34.496813059 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.497335911 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:34.497354984 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.037688971 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.042185068 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.042215109 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.042778015 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.042839050 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.043832064 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.043889999 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.044755936 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.044845104 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.045058966 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.045067072 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.045084953 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.091408014 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.097506046 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.144540071 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.144931078 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.144964933 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.145348072 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.145411015 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.146056890 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.146111965 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.146338940 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.146404982 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.146639109 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.146648884 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.146677017 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.186160088 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.186172962 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.329883099 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.330058098 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.330151081 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.336628914 CEST | 49734 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.336663961 CEST | 443 | 49734 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.341912985 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.342015982 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.342078924 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.342725039 CEST | 49735 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:35.342741966 CEST | 443 | 49735 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.840317965 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:35.887398005 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:36.106772900 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:36.106825113 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:36.106853962 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:36.106884956 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:36.106940031 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:36.106951952 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:36.106965065 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:36.107017040 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:36.107068062 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:36.108253956 CEST | 49709 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:29:36.108266115 CEST | 443 | 49709 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:29:36.528703928 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:36.528745890 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:36.528847933 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:36.530462027 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:36.530476093 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:37.140902042 CEST | 49698 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:37.146311998 CEST | 49742 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:37.146348953 CEST | 443 | 49742 | 104.98.116.138 | 192.168.2.7 |
| Sep 27, 2024 11:29:37.146425009 CEST | 49742 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:37.146825075 CEST | 443 | 49698 | 104.98.116.138 | 192.168.2.7 |
| Sep 27, 2024 11:29:37.148439884 CEST | 49742 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:29:37.148453951 CEST | 443 | 49742 | 104.98.116.138 | 192.168.2.7 |
| Sep 27, 2024 11:29:37.223407984 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:37.223495960 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:37.226382017 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:37.226392984 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:37.226720095 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:37.278981924 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:37.977226973 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:38.023411036 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.203303099 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.203336954 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.203346968 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.203363895 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.203375101 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.203382015 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.203418970 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:38.203447104 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.203459978 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:38.203490973 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:38.203507900 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.203562975 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:38.203569889 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.204128981 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.204184055 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:38.899571896 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:38.899616957 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:38.899635077 CEST | 49739 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:29:38.899641991 CEST | 443 | 49739 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:29:41.327297926 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:41.327342987 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:41.327596903 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:41.328612089 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:41.328627110 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:41.639635086 CEST | 49677 | 443 | 192.168.2.7 | 20.50.201.200 |
| Sep 27, 2024 11:29:41.992360115 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:41.992641926 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:41.992652893 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:41.993036032 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:41.993407011 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:41.993474007 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:41.993525028 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:41.993535995 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:41.993546963 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:42.044351101 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:42.292973042 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:42.293133020 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:29:42.293186903 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:42.293962955 CEST | 49749 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:29:42.293982029 CEST | 443 | 49749 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.080990076 CEST | 49750 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.081056118 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.081132889 CEST | 49750 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.082623959 CEST | 49750 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.082659006 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.267086983 CEST | 49751 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.267143965 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.267245054 CEST | 49751 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.267554045 CEST | 49751 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.267574072 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.609896898 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.609944105 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.610013962 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.610630035 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.610645056 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.747075081 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.747566938 CEST | 49750 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.747598886 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.747987032 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.748301029 CEST | 49750 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.748368979 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.748486996 CEST | 49750 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.748522997 CEST | 49750 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.748559952 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.906548977 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.906883001 CEST | 49751 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.906919956 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.907531977 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.907924891 CEST | 49751 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.908023119 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:04.908124924 CEST | 49751 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.908153057 CEST | 49751 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:04.908166885 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.034280062 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.034413099 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.034470081 CEST | 49750 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.034789085 CEST | 49750 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.034833908 CEST | 443 | 49750 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.187783957 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.187922001 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.187987089 CEST | 49751 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.188730955 CEST | 49751 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.188746929 CEST | 443 | 49751 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.247693062 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.249408960 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.249481916 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.249789000 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.249851942 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.250494957 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.250541925 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.250690937 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.250755072 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.250955105 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.250956059 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.250966072 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.295406103 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.295742989 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.446516991 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.446692944 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:05.446755886 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.447081089 CEST | 49752 | 443 | 192.168.2.7 | 216.58.206.78 |
| Sep 27, 2024 11:30:05.447099924 CEST | 443 | 49752 | 216.58.206.78 | 192.168.2.7 |
| Sep 27, 2024 11:30:15.575884104 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:15.575949907 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:15.576127052 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:15.576745033 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:15.576756001 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.274750948 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.274816990 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.278913021 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.278930902 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.279262066 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.286740065 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.331403017 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.542629957 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.542659998 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.542679071 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.542855978 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.542892933 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.542962074 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.543694973 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.543741941 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.543770075 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.543777943 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.543827057 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.543843031 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.543886900 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.545887947 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.545907021 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:16.545928001 CEST | 49753 | 443 | 192.168.2.7 | 52.165.165.26 |
| Sep 27, 2024 11:30:16.545934916 CEST | 443 | 49753 | 52.165.165.26 | 192.168.2.7 |
| Sep 27, 2024 11:30:19.869482040 CEST | 443 | 49742 | 104.98.116.138 | 192.168.2.7 |
| Sep 27, 2024 11:30:19.869612932 CEST | 49742 | 443 | 192.168.2.7 | 104.98.116.138 |
| Sep 27, 2024 11:30:26.145663023 CEST | 56934 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:30:26.150515079 CEST | 53 | 56934 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:26.150623083 CEST | 56934 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:30:26.150645971 CEST | 56934 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:30:26.155498028 CEST | 53 | 56934 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:26.595166922 CEST | 53 | 56934 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:26.596446991 CEST | 56934 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:30:26.601737976 CEST | 53 | 56934 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:26.601808071 CEST | 56934 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:30:26.827198029 CEST | 56938 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:30:26.827248096 CEST | 443 | 56938 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:30:26.827327013 CEST | 56938 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:30:26.828270912 CEST | 56938 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:30:26.828293085 CEST | 443 | 56938 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:30:27.458158970 CEST | 443 | 56938 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:30:27.458470106 CEST | 56938 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:30:27.458483934 CEST | 443 | 56938 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:30:27.458925962 CEST | 443 | 56938 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:30:27.459286928 CEST | 56938 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:30:27.459356070 CEST | 443 | 56938 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:30:27.513356924 CEST | 56938 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:30:34.279483080 CEST | 56939 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:34.279555082 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:34.279676914 CEST | 56939 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:34.279934883 CEST | 56939 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:34.279966116 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:34.918508053 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:34.918848038 CEST | 56939 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:34.918934107 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:34.919327021 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:34.919756889 CEST | 56939 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:34.919835091 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:34.919946909 CEST | 56939 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:34.919985056 CEST | 56939 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:34.919997931 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.221709013 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.222385883 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.222450972 CEST | 56939 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:35.224446058 CEST | 56939 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:35.224493980 CEST | 443 | 56939 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.254403114 CEST | 56941 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:35.254441977 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.254503012 CEST | 56941 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:35.255760908 CEST | 56941 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:35.255776882 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.884414911 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.884668112 CEST | 56941 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:35.884680033 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.885121107 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.885523081 CEST | 56941 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:35.885602951 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:35.885683060 CEST | 56941 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:35.885709047 CEST | 56941 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:35.885716915 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:36.182396889 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:36.183773041 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:36.183821917 CEST | 56941 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:36.183912992 CEST | 56941 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:30:36.183928967 CEST | 443 | 56941 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:30:37.370558977 CEST | 443 | 56938 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:30:37.370659113 CEST | 443 | 56938 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:30:37.370759010 CEST | 56938 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:31:04.956988096 CEST | 56938 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:31:04.957030058 CEST | 443 | 56938 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:31:04.957278013 CEST | 56944 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:04.957314968 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:04.957381964 CEST | 56944 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:04.959572077 CEST | 56944 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:04.959580898 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.391429901 CEST | 56945 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:05.391489029 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.391570091 CEST | 56945 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:05.391918898 CEST | 56945 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:05.391936064 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.695844889 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.696371078 CEST | 56944 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:05.696393013 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.696743011 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.697141886 CEST | 56944 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:05.697197914 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.697328091 CEST | 56944 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:05.697374105 CEST | 56944 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:05.697377920 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.995253086 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.995414972 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:05.995510101 CEST | 56944 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:05.996043921 CEST | 56944 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:05.996062994 CEST | 443 | 56944 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:06.043107986 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:06.043380022 CEST | 56945 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:06.043406963 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:06.043781996 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:06.044074059 CEST | 56945 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:06.044125080 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:06.044230938 CEST | 56945 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:06.044256926 CEST | 56945 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:06.044306993 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:06.269068956 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:06.269486904 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:06.269589901 CEST | 56945 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:06.269730091 CEST | 56945 | 443 | 192.168.2.7 | 142.250.181.238 |
| Sep 27, 2024 11:31:06.269743919 CEST | 443 | 56945 | 142.250.181.238 | 192.168.2.7 |
| Sep 27, 2024 11:31:26.889271975 CEST | 56947 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:31:26.889328957 CEST | 443 | 56947 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:31:26.889405966 CEST | 56947 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:31:26.889774084 CEST | 56947 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:31:26.889786959 CEST | 443 | 56947 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:31:27.518445969 CEST | 443 | 56947 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:31:27.519299030 CEST | 56947 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:31:27.519314051 CEST | 443 | 56947 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:31:27.519654989 CEST | 443 | 56947 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:31:27.520021915 CEST | 56947 | 443 | 192.168.2.7 | 142.250.186.68 |
| Sep 27, 2024 11:31:27.520072937 CEST | 443 | 56947 | 142.250.186.68 | 192.168.2.7 |
| Sep 27, 2024 11:31:27.560575008 CEST | 56947 | 443 | 192.168.2.7 | 142.250.186.68 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 27, 2024 11:29:23.467381954 CEST | 53330 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:23.467823982 CEST | 57811 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:23.472470999 CEST | 53 | 53457 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:23.473942995 CEST | 53 | 53330 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:23.474682093 CEST | 53 | 57811 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:23.477499008 CEST | 53 | 52244 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.472583055 CEST | 54068 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:24.472718000 CEST | 52456 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:24.479433060 CEST | 53 | 54068 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.479587078 CEST | 53 | 52456 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:24.541202068 CEST | 53 | 64242 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:25.481415033 CEST | 123 | 123 | 192.168.2.7 | 20.101.57.9 |
| Sep 27, 2024 11:29:25.652328014 CEST | 123 | 123 | 20.101.57.9 | 192.168.2.7 |
| Sep 27, 2024 11:29:26.763823032 CEST | 64607 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:26.763951063 CEST | 52359 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:26.771125078 CEST | 53 | 64607 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:26.771173954 CEST | 53 | 52359 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:29.976090908 CEST | 53 | 65182 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.327641964 CEST | 64736 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:32.327891111 CEST | 54576 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:32.336451054 CEST | 53 | 64736 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:32.337033987 CEST | 53 | 54576 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.458976984 CEST | 61196 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:33.459131956 CEST | 60178 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:29:33.465883017 CEST | 53 | 60178 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:33.465951920 CEST | 53 | 61196 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:35.975275040 CEST | 53 | 54169 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:29:41.502053022 CEST | 53 | 59009 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:00.521898985 CEST | 53 | 50563 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:18.644773006 CEST | 138 | 138 | 192.168.2.7 | 192.168.2.255 |
| Sep 27, 2024 11:30:22.992031097 CEST | 53 | 49847 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:23.086911917 CEST | 53 | 63171 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:26.145163059 CEST | 53 | 50342 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:34.270658970 CEST | 54790 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:30:34.270792961 CEST | 53967 | 53 | 192.168.2.7 | 1.1.1.1 |
| Sep 27, 2024 11:30:34.278887987 CEST | 53 | 53967 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:34.278925896 CEST | 53 | 54790 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:30:34.354022980 CEST | 53 | 59334 | 1.1.1.1 | 192.168.2.7 |
| Sep 27, 2024 11:31:28.111466885 CEST | 53 | 64404 | 1.1.1.1 | 192.168.2.7 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Sep 27, 2024 11:29:23.467381954 CEST | 192.168.2.7 | 1.1.1.1 | 0xc10a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Sep 27, 2024 11:29:23.467823982 CEST | 192.168.2.7 | 1.1.1.1 | 0x249e | Standard query (0) | 65 | IN (0x0001) | false | |
| Sep 27, 2024 11:29:24.472583055 CEST | 192.168.2.7 | 1.1.1.1 | 0x16a9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Sep 27, 2024 11:29:24.472718000 CEST | 192.168.2.7 | 1.1.1.1 | 0x1787 | Standard query (0) | 65 | IN (0x0001) | false | |
| Sep 27, 2024 11:29:26.763823032 CEST | 192.168.2.7 | 1.1.1.1 | 0x120a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Sep 27, 2024 11:29:26.763951063 CEST | 192.168.2.7 | 1.1.1.1 | 0x7d82 | Standard query (0) | 65 | IN (0x0001) | false | |
| Sep 27, 2024 11:29:32.327641964 CEST | 192.168.2.7 | 1.1.1.1 | 0x6763 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Sep 27, 2024 11:29:32.327891111 CEST | 192.168.2.7 | 1.1.1.1 | 0x14d1 | Standard query (0) | 65 | IN (0x0001) | false | |
| Sep 27, 2024 11:29:33.458976984 CEST | 192.168.2.7 | 1.1.1.1 | 0x25ba | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Sep 27, 2024 11:29:33.459131956 CEST | 192.168.2.7 | 1.1.1.1 | 0xea4d | Standard query (0) | 65 | IN (0x0001) | false | |
| Sep 27, 2024 11:30:34.270658970 CEST | 192.168.2.7 | 1.1.1.1 | 0xc4c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Sep 27, 2024 11:30:34.270792961 CEST | 192.168.2.7 | 1.1.1.1 | 0xb97 | Standard query (0) | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Sep 27, 2024 11:29:23.473942995 CEST | 1.1.1.1 | 192.168.2.7 | 0xc10a | No error (0) | 142.250.186.46 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:23.474682093 CEST | 1.1.1.1 | 192.168.2.7 | 0x249e | No error (0) | 65 | IN (0x0001) | false | |||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | youtube-ui.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 142.250.185.110 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 172.217.23.110 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 172.217.16.142 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 142.250.186.110 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 216.58.212.142 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 142.250.185.142 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 142.250.185.78 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 142.250.186.142 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 172.217.18.110 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 142.250.74.206 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 172.217.16.206 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 142.250.186.46 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 142.250.186.78 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 216.58.206.78 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 172.217.18.14 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479433060 CEST | 1.1.1.1 | 192.168.2.7 | 0x16a9 | No error (0) | 216.58.206.46 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479587078 CEST | 1.1.1.1 | 192.168.2.7 | 0x1787 | No error (0) | youtube-ui.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:24.479587078 CEST | 1.1.1.1 | 192.168.2.7 | 0x1787 | No error (0) | 65 | IN (0x0001) | false | |||
| Sep 27, 2024 11:29:26.771125078 CEST | 1.1.1.1 | 192.168.2.7 | 0x120a | No error (0) | 142.250.186.68 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:26.771173954 CEST | 1.1.1.1 | 192.168.2.7 | 0x7d82 | No error (0) | 65 | IN (0x0001) | false | |||
| Sep 27, 2024 11:29:32.336451054 CEST | 1.1.1.1 | 192.168.2.7 | 0x6763 | No error (0) | www3.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:32.336451054 CEST | 1.1.1.1 | 192.168.2.7 | 0x6763 | No error (0) | 142.250.185.206 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:32.337033987 CEST | 1.1.1.1 | 192.168.2.7 | 0x14d1 | No error (0) | www3.l.google.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Sep 27, 2024 11:29:33.465951920 CEST | 1.1.1.1 | 192.168.2.7 | 0x25ba | No error (0) | 216.58.206.78 | A (IP address) | IN (0x0001) | false | ||
| Sep 27, 2024 11:30:34.278925896 CEST | 1.1.1.1 | 192.168.2.7 | 0xc4c | No error (0) | 142.250.181.238 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.7 | 49701 | 142.250.186.46 | 443 | 7688 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-09-27 09:29:24 UTC | 839 | OUT | |
| 2024-09-27 09:29:24 UTC | 1704 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.7 | 49705 | 142.250.185.110 | 443 | 7688 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-09-27 09:29:25 UTC | 857 | OUT | |
| 2024-09-27 09:29:25 UTC | 2634 | IN |