Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of debugger detection
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
- file.exe (PID: 8108 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 55AD212EF14E1D3A99251BA84D4C3497)
- chrome.exe (PID: 8164 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 1516 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1980,i,6137211469705690225,15754436481577264097,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 9176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 --field-trial-handle=1980,i,6137211469705690225,15754436481577264097,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 9184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 --field-trial-handle=1980,i,6137211469705690225,15754436481577264097,262144 /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched
Malware Analysis System Evasion |
---|
Source: | Sandbox detection routine: | graph_0-97135 |
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread sleep count: | Jump to behavior |
Anti Debugging |
---|
Source: | Debugger detection routine: | graph_0-97284 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 31 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 31 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 1 Masquerading | LSA Secrets | 221 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 22 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 22 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
youtube-ui.l.google.com | 142.250.184.206 | true | false | unknown | |
www3.l.google.com | 216.58.206.46 | true | false | unknown | |
play.google.com | 142.250.181.238 | true | false | unknown | |
www.google.com | 142.250.184.196 | true | false | unknown | |
youtube.com | 142.250.185.238 | true | false | unknown | |
accounts.youtube.com | unknown | unknown | false | unknown | |
www.youtube.com | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.184.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
142.250.185.238 | youtube.com | United States | 15169 | GOOGLEUS | false |
216.58.206.46 | www3.l.google.com | United States | 15169 | GOOGLEUS | false |
172.217.23.110 | unknown | United States | 15169 | GOOGLEUS | false |
142.250.181.238 | play.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.184.206 | youtube-ui.l.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.10 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520517 |
Start date and time: | 2024-09-27 12:53:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal60.evad.winEXE@37/40@21/8 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.184.238, 64.233.167.84, 34.104.35.123, 142.250.186.138, 142.250.186.170, 142.250.185.234, 142.250.184.202, 142.250.185.74, 142.250.185.138, 142.250.186.74, 216.58.206.42, 142.250.185.170, 172.217.18.106, 142.250.181.234, 142.250.185.106, 142.250.184.234, 142.250.185.202, 172.217.23.106, 216.58.212.138, 142.250.184.195, 142.250.186.131, 172.217.16.138, 216.58.212.170, 216.58.206.74, 88.221.110.91, 142.250.185.227, 64.233.166.84, 74.125.71.84, 108.177.15.84
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: file.exe
⊘No simulations
Match | Detection | Threat Name |
---|---|---|
239.255.255.250 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Amadey, Stealc |
 | malicious | HTMLPhisher |
⊘No context
Match | Detection | Threat Name |
---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Amadey, Stealc |
 | malicious | HTMLPhisher |
 | malicious | Unknown |
 | malicious | Unknown |
 | malicious | Unknown |
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\4179d7b4-4d08-4c57-9590-19ecc0dcbfd4 (copy)
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 5091 |
Entropy (8bit): | 7.923768885566106 |
Encrypted: | false |
SSDEEP: | 96:m3RjNsJybY12fFfnDc25KwN9ar3n+kcEE1S52xckap5XBchbgH:cKJybYYxDcxwgJvE13KppZ++H |
MD5: | 536ED0FB0DD074DE85F5FC0B9A38266F |
SHA1: | 9CD106C553A54BE2D6BC5B4593732E2FE5CAE884 |
SHA-256: | E06A178A7BF1F59A27638D2066FB1E58DD83177696452A570741FDEB8F680F71 |
SHA-512: | D93A463CE242F713168FD90EFFA0F5F7C538A8B1001CF3129A72F60E75F72CF2221FFFAD3B21A65910CC7A041F3F4D620C061090EC0764C632E792BCBA38D31D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9871567057950186 |
Encrypted: | false |
SSDEEP: | 48:8iqbdETM/zHaidAKZdA1uehwiZUklqehly+3:8ixwHuy |
MD5: | BADF1DFF5F49CD45F8BBCD0F2BA3A448 |
SHA1: | 2C8B72A309BB0568A561F05EFA2DBB1BF28DC835 |
SHA-256: | 3895E187773DF0B3F521787C8549CBD1DCA2A0F42393D8D8C62E80E00A995BE8 |
SHA-512: | 19971C9C1BAD9F78C55F16FEDC3AB11E4740D26249606593F4551465B065F9BDBD2EC398108EDEE794251E2550A5AF58039C4C7AC55F2DE4009D34B4D248E365 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.002967510976781 |
Encrypted: | false |
SSDEEP: | 48:8PqbdETM/zHaidAKZdA1Heh/iZUkAQkqehey+2:8Pxwh9Qzy |
MD5: | 0E817D1DC97D9CBDFB538CD96B74667F |
SHA1: | D3414C7BE6596DE0F6155B85CF1D3C3104228BBD |
SHA-256: | 2BACA214E55CD04EE24402B52E36E687C6AF0B204144C99C30F711ED97BC489E |
SHA-512: | 21556FAF203C3704D1F8860F28E517EB6C6200E22E929C45489DFD54D884CA1FA763DD39E5975B406BA0FFE1507697CF16383094BA55E22146FF511F565C721E |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.011911490451188 |
Encrypted: | false |
SSDEEP: | 48:8FqbdETMbHaidAKZdA149eh7sFiZUkmgqeh7sEy+BX:8Fxw9nay |
MD5: | 26D47D850D0A974AEF098808A42A520B |
SHA1: | 280ECAA95687735A0F674C7604294517AA645D82 |
SHA-256: | BDA8B3E2E2CEEF3A9481E32E96210F90F662D85DF33ACC022513DDC8F063B74C |
SHA-512: | 5821B785D679FBAFB4A9D3B7D636CC04651C903AA52A81D32A43FF07A127B526225EDC0F47BC6DA0930CB510C8DB512B949E9FF6435954BB8D8239FD81E55FCC |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.001570198832555 |
Encrypted: | false |
SSDEEP: | 48:8gqbdETM/zHaidAKZdA14ehDiZUkwqehyy+R:8gxwScy |
MD5: | 93FD4F0E2F54F73F750B3E62F1B7E98F |
SHA1: | 05B702A6107B5A380FB3769525F8E54C01752AD7 |
SHA-256: | 5B9D40A233EFC4CCFC4F2418945234824DF4DA22076EA173EB082D88E8098C9B |
SHA-512: | 449CB55E3C00D9066350BF3946B2F3634F37D17DB48F0614ED0093DD881B1177C376F5C9886D1C4E64CB74697B660C6541EBB6A1D009C6AD4A0DD37CB02E2D10 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9899262535322757 |
Encrypted: | false |
SSDEEP: | 48:8wqbdETM/zHaidAKZdA1mehBiZUk1W1qehAy+C:8wxwS9gy |
MD5: | 2A8C251AEC919718321304BA006CA250 |
SHA1: | E4F3A8896EA2005B08F342B70605C64C9AE94B15 |
SHA-256: | 2326A45E9BAC23060C85EA055E5FFCFA17B77182C2913648C2AE264E3D1C3B13 |
SHA-512: | DFF3ED91367EEAF67923817F7E4BF073C3019C2F8474980D19F64F33BB82067AEB9A14AB81A3F952CE7F19ECB928E31A9E31C91E27C067F290FCD5889C766958 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.00056563233031 |
Encrypted: | false |
SSDEEP: | 48:8XqbdETM/zHaidAKZdA1duT1ehOuTbbiZUk5OjqehOuTbay+yT+:8XxwZTyTbxWOvTbay7T |
MD5: | 7D1034F679FF10DC45B9854C2598D178 |
SHA1: | 9D089331E000C0C7A976186318CF7D9B1F2D09A4 |
SHA-256: | D6B1B6CE34BC31F6A4F7A9F2EA93112568747017080991B387FDB8519E3F2FDE |
SHA-512: | A6A7E6679FD0B04465A0F69F2324DEDC3FDC1D35F6CF2C9F1199FC174B5AEB54B9C0A304CA2EAB4BFD30D671720381A4FDDDC7F29D3C6DD9C6C867B01DA38181 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 5091 |
Entropy (8bit): | 7.923768885566106 |
Encrypted: | false |
SSDEEP: | 96:m3RjNsJybY12fFfnDc25KwN9ar3n+kcEE1S52xckap5XBchbgH:cKJybYYxDcxwgJvE13KppZ++H |
MD5: | 536ED0FB0DD074DE85F5FC0B9A38266F |
SHA1: | 9CD106C553A54BE2D6BC5B4593732E2FE5CAE884 |
SHA-256: | E06A178A7BF1F59A27638D2066FB1E58DD83177696452A570741FDEB8F680F71 |
SHA-512: | D93A463CE242F713168FD90EFFA0F5F7C538A8B1001CF3129A72F60E75F72CF2221FFFAD3B21A65910CC7A041F3F4D620C061090EC0764C632E792BCBA38D31D |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 32499 |
Entropy (8bit): | 5.361345284201954 |
Encrypted: | false |
SSDEEP: | 768:mLX1O+aL6fgyIiREM4RKmh90toLoTswtF3ATcbDR6kIsnJd9DPyMv/FI:U2M4oltoLoTswtFoc/tIsnXFLI |
MD5: | D5C3FB8EAE24AB7E40009338B5078496 |
SHA1: | 5638BF5986A6445A88CD79A9B690B744B126BEC2 |
SHA-256: | 597C14D360D690BCFDC2B8D315E6BB8879AEF33DE6C30D274743079BDB63C6B0 |
SHA-512: | 6AE434850D473BEF15AA694AB4862596982CDDA6BD3991991D3ADD8F4A5F61DFBF8756D0DA98B72EF083909D68CF7B6B148A6488E9381F92FBF15CCB20176A0E |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=_b,_tp/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe" |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 1416 |
Entropy (8bit): | 5.299417038163051 |
Encrypted: | false |
SSDEEP: | 24:kMYD7JqrxsNL90YIzFK/Hb5eNhz1uktdDuvKKKGbLZ99GbSSF/ZR8OkdnprGJ:o7JopFN+ASCKKGbF99GbSS3RY7rw |
MD5: | 6AEAE74D22F7C2D9658B057EA5D85069 |
SHA1: | 2F4644F53FB4E8EC4AFD49A31C55853F062D284C |
SHA-256: | EBFE7B5A1020808B9A02667ECC0E7E460643CBDE84F0B9C410C70A91C9726667 |
SHA-512: | C43F067D649CBC3091B9878715F718E47CD753C860EBEB20CD387C325640C2EF3CA9556D0689852CEF667C8E83BF42568BEF33C8A92BC07FDB91CB7EA608162D |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=P6sQOc" |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 5430 |
Entropy (8bit): | 3.6534652184263736 |
Encrypted: | false |
SSDEEP: | 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B |
MD5: | F3418A443E7D841097C714D69EC4BCB8 |
SHA1: | 49263695F6B0CDD72F45CF1B775E660FDC36C606 |
SHA-256: | 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770 |
SHA-512: | 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563 |
Malicious: | false |
URL: | https://www.google.com/favicon.ico |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 339369 |
Entropy (8bit): | 5.533022690974177 |
Encrypted: | false |
SSDEEP: | 3072:9hFx8tVGv15Iyr4t4s2GvgHVTYDh+rvVvurtVEWzcLmLyszIm8j2kzU:9NlvE+zTYDh+rvh8cLMijFg |
MD5: | FF16B667178352EFDF164CE3F16A8F55 |
SHA1: | E9B1BC661337502E31306B5E7AE37D93C0551455 |
SHA-256: | 625EC33FBA1BFF3734490AC15C8430CDB5850E9159B80F607E093BB73B7F243B |
SHA-512: | F197393CB05F94BCEDA0FE3176842E09CFCFC2348DE22C9815DD8369D5D333038E8F93F426994482E2E9731A859FA9B6B6062BAD4AA3BFD3C0730281C4CCADB9 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=n73qwf,SCuOPb,IZT63,vfuNJf,UUJqVe,ws9Tlc,siKnQd,XVq9Qb,STuCOe,njlZCf,m9oV,vjKJJ,y5vRwf,iyZMqd,NTMZac,mzzZzc,rCcCxc,vvMGie,NOeYWe,O6y8ed,L9OGUe,PrPYRd,MpJwZc,qPfo0c,cYShmd,hc6Ubd,Rkm0ef,KUM7Z,oLggrd,inNHtf,L1AAkb,WpP9Yc,lwddkf,gJzDyc,SpsfSb,aC1iue,tUnxGc,aW3pY,ZakeSe,EFQ78c,xQtZb,I6YDgd,zbML3c,zr1jrb,vHEMJe,YHI3We,YTxL4,bSspM,Uas9Hd,zy0vNb,K0PMbc,AvtSve,qmdT9,MY7mZe,xBaz7b,GwYlN,eVCnO,EIOG1e,LDQI" |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 3131 |
Entropy (8bit): | 5.3750044852869046 |
Encrypted: | false |
SSDEEP: | 48:o7zfN/cD498xdg+Y5jNQ8js6npwk0OmNAEZbpMzR4EQBcW5QcHj9KWfGAeFKRrw:oCD9dA5jOEGh+EFqR4rhqUhzff9w |
MD5: | 39693D34EE3D1829DBB1627C4FC6687B |
SHA1: | A03303C2F027F3749B48D5134D1F8FB3E495C6E9 |
SHA-256: | 03B0C1B4E402E0BCF75D530DD9085B25357EEFD09E238453DE1F3A042542C076 |
SHA-512: | AC0749EDC33DA0EC0E40470388DD797B6528AD08B8FAC1C2AC42F85198131052BA1B533E90409D35DA237607E8B07D591FA6BA580B6A90B0D0AB2282A01F7585 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ZwDk9d,RMhBfe" |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 52280 |
Entropy (8bit): | 7.995413196679271 |
Encrypted: | true |
SSDEEP: | 1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d |
MD5: | F61F0D4D0F968D5BBA39A84C76277E1A |
SHA1: | AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2 |
SHA-256: | 57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC |
SHA-512: | 6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487 |
Malicious: | false |
URL: | https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2 |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 1858 |
Entropy (8bit): | 5.253939888205379 |
Encrypted: | false |
SSDEEP: | 48:o7BNJfeFb8L3A6FHqIy5Z+d70OCzSfvi/3fM/r8ZQzRrw:oFuILhFHrVCz0vLZz9w |
MD5: | 10FF6F99E3228E96AFD6E2C30EF97C0A |
SHA1: | 4AE3DCB8D1F5A0C302D5BAD9DFF5050A7A5E8130 |
SHA-256: | 95E5546E1C7F311D07BB5050CC456A973E43BCC4777BA6014757376016537679 |
SHA-512: | 116C0B1CAC98A27044100005545AB66BE5F4801D75DC259093A9F145B3A4ACD8DC1C360AF525F6DC8421CD54B675A78023D2ED8B57F5946A3969543758C673C9 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=iAskyc,ziXSP" |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 22827 |
Entropy (8bit): | 5.420322672717721 |
Encrypted: | false |
SSDEEP: | 384:/jqdWXWfyA20UUjDE8BSUxDJs16KHvSN34kaHaN+587SaXD2mLR0H:/jqdWXAUUjDE84Wi6KPSKjHaN+58+0J2 |
MD5: | 2B29741A316862EE788996DD29116DD5 |
SHA1: | 9D5551916D4452E977C39B8D69CF88DF2AAA462B |
SHA-256: | 62955C853976B722EFBB4C116A10DB3FF54580EDD7495D280177550B8F4289AB |
SHA-512: | 6E37C3258F07F29909763728DADE0CD40A3602D55D9099F78B37756926FCF2A50008B82876B518FEAF3E56617F0F7D1D37A73C346A99A58E6AD8BCD6689E9B15 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=RqjULd" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 358292 |
Entropy (8bit): | 5.622523467644739 |
Encrypted: | false |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,EFQ78c,EIOG1e,GwYlN,I6YDgd,IZT63,K0PMbc,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,y5vRwf,zbML3c,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=K1ZKnb,ziZ8Mc,b3kMqb,mvkUhe,CMcBD,Fndnac,t2srLd,EN3i8d,z0u0L,xiZRqc" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3471 |
Entropy (8bit): | 5.5174491302699495 |
Encrypted: | false |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,iAskyc,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,wg1P6b,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,WhJNk" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5049 |
Entropy (8bit): | 5.317800104741948 |
Encrypted: | false |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,P6sQOc,PHUIyb,PrPYRd,RMhBfe,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZZ4WUe,ZakeSe,ZfAoz,ZwDk9d,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,iAskyc,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,q0xTif,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,sOXFj,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziXSP,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=wg1P6b" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 603951 |
Entropy (8bit): | 5.789949489744101 |
Encrypted: | false |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlGsNipZrCRRMFQh1-tVmHSsIDzQTA/m=_b,_tp" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 9210 |
Entropy (8bit): | 5.3872171131917925 |
Encrypted: | false |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,CMcBD,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PrPYRd,Rkm0ef,SCuOPb,STuCOe,SpsfSb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,byfTOb,cYShmd,eVCnO,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,qPfo0c,qmdT9,rCcCxc,siKnQd,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=ltDFwf,SD8Jgb,rmumx,E87wgc,qPYxq,Tbb4sb,pxq3x,f8Gu1e,soHxf,YgOFye,yRXbo,bTi8wc,ywOR5c,PHUIyb" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1652 |
Entropy (8bit): | 5.296387798840289 |
Encrypted: | false |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=AvtSve,CMcBD,E87wgc,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,MpJwZc,NOeYWe,NTMZac,O6y8ed,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZakeSe,_b,_tp,aC1iue,aW3pY,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,f8Gu1e,gJzDyc,hc6Ubd,inNHtf,iyZMqd,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,ws9Tlc,xBaz7b,xQtZb,xiZRqc,y5vRwf,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=xUdipf,OTA3Ae,A1yn5d,fKUV3e,aurFic,Ug7Xab,NwH0H,OmgaI,gychg,w9hDv,EEDORb,Mlhmy,ZfAoz,kWgXee,ovKuLd,yDVVkb,ebZ3mb,ZDZcre,A7fCU" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 84 |
Entropy (8bit): | 4.875266466142591 |
Encrypted: | false |
Malicious: | false |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4070 |
Entropy (8bit): | 5.362700670482359 |
Encrypted: | false |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en._s1fC-CLCMs.es5.O/ck=boq-identity.AccountsSignInUi.gkspycgpiCY.L.B1.O/am=xIFgKBimEQjEE86BHlAUCBkAAAAAAAAAALQBAIBm/d=1/exm=A1yn5d,A7fCU,AvtSve,CMcBD,E87wgc,EEDORb,EFQ78c,EIOG1e,EN3i8d,Fndnac,GwYlN,I6YDgd,IZT63,K0PMbc,K1ZKnb,KUM7Z,L1AAkb,L9OGUe,LDQI,LEikZe,MY7mZe,Mlhmy,MpJwZc,NOeYWe,NTMZac,NwH0H,O6y8ed,OTA3Ae,OmgaI,PHUIyb,PrPYRd,Rkm0ef,RqjULd,SCuOPb,SD8Jgb,STuCOe,SpsfSb,Tbb4sb,UUJqVe,Uas9Hd,Ug7Xab,WpP9Yc,XVq9Qb,YHI3We,YTxL4,YgOFye,ZDZcre,ZakeSe,ZfAoz,_b,_tp,aC1iue,aW3pY,aurFic,b3kMqb,bSspM,bTi8wc,byfTOb,cYShmd,eVCnO,ebZ3mb,f8Gu1e,fKUV3e,gJzDyc,gychg,hc6Ubd,inNHtf,iyZMqd,kWgXee,lsjVmc,ltDFwf,lwddkf,m9oV,mvkUhe,mzzZzc,n73qwf,njlZCf,oLggrd,ovKuLd,pxq3x,qPYxq,qPfo0c,qmdT9,rCcCxc,rmumx,siKnQd,soHxf,t2srLd,tUnxGc,vHEMJe,vfuNJf,vjKJJ,vvMGie,w9hDv,ws9Tlc,xBaz7b,xQtZb,xUdipf,xiZRqc,y5vRwf,yDVVkb,yRXbo,ywOR5c,z0u0L,zbML3c,ziZ8Mc,zr1jrb,zy0vNb/excm=_b,_tp,identifierview/ed=1/wt=2/ujg=1/rs=AOaEmlGbG-r9dBZftM0U0ZDPTNCqugT4jw/ee=ASJRFf:DAnQ7e;Al0B8:kibjWe;DaIJ8c:iAskyc;EVNhjf:pw70Gc;EkYFhd:GwYlN;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SMDL4c:K0PMbc;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;UpnZUd:nnwwYc;Uvc8o:VDovNc;XdiAjb:NLiXbe;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:vfuNJf;lOO0Vd:OTA3Ae;nAFL3:NTMZac;nTuGK:JKNPM;oGtAuc:sOXFj;oSUNyd:K0PMbc;oXZmbc:tUnxGc;pXdRYb:L9OGUe;qafBPd:yDVVkb;qddgKe:xQtZb;vNjB7d:YTxL4;wR5FRb:siKnQd;yxTchf:KUM7Z/m=sOXFj,q0xTif,ZZ4WUe" |
Preview: |
File type: | |
Entropy (8bit): | 7.036733653060842 |
TrID: |
|
File name: | file.exe |
File size: | 1'167'360 bytes |
MD5: | 55ad212ef14e1d3a99251ba84d4c3497 |
SHA1: | 5f7127f6f859cae4b9d19f700196cb207a6ddd87 |
SHA256: | c4ef6abb3459faf2b1c99b9ebdb68e27bda102f71df30c1e773bf737cc2d9f33 |
SHA512: | 8199e1b9e83ea7f028c6f851b886d3cac829c533489c5e3292bc74b94df2900c7e4168dadec1f4ac0e12bff8a08679433586f79b719a240bb94cb816df5b5c76 |
SSDEEP: | 24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8arB2+b+HdiJUK:yTvC/MTQYxsWR7arB2+b+HoJU |
TLSH: | 2F45CF027391C062FF9B92734F5AF6115BBC69260123E61F13981DBABE701B1563E7A3 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | aaf3e3e3938382a0 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66F68E2B [Fri Sep 27 10:51:23 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x46464 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11b000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0x46464 | 0x46600 | 68ff0046bdc2a2c57ac55761e7ca63e2 | False | 0.9059655306394316 | data | 7.844923732352645 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x11b000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xdc7b8 | 0x3d72c | data | | | 1.0003416874592757 |
RT_GROUP_ICON | 0x119ee4 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
RT_GROUP_ICON | 0x119f5c | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0x119f70 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0x119f84 | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0x119f98 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0x11a074 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 12:54:08.286567926 CEST | 443 | 49703 | 142.250.185.238 | 192.168.2.10 |
Sep 27, 2024 12:54:08.286588907 CEST | 443 | 49703 | 142.250.185.238 | 192.168.2.10 |
Sep 27, 2024 12:54:08.286628008 CEST | 49703 | 443 | 192.168.2.10 | 142.250.185.238 |
Sep 27, 2024 12:54:08.287507057 CEST | 49703 | 443 | 192.168.2.10 | 142.250.185.238 |
Sep 27, 2024 12:54:08.287520885 CEST | 443 | 49703 | 142.250.185.238 | 192.168.2.10 |
Sep 27, 2024 12:54:08.300559044 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:08.300585985 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:08.300796032 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:08.301207066 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:08.301218987 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:08.938621044 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:08.938895941 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:08.938905001 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:08.939316988 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:08.939402103 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:08.940046072 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:08.940088987 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:08.941103935 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:08.941163063 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:08.941302061 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:08.941309929 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:08.995275974 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:10.238708973 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:10.238729954 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:10.238800049 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:10.238809109 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:10.238898039 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:10.241503954 CEST | 49707 | 443 | 192.168.2.10 | 142.250.184.206 |
Sep 27, 2024 12:54:10.241513968 CEST | 443 | 49707 | 142.250.184.206 | 192.168.2.10 |
Sep 27, 2024 12:54:10.526525021 CEST | 49674 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:10.526529074 CEST | 49675 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:10.667162895 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Sep 27, 2024 12:54:10.722995996 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:10.723022938 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:10.723109007 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:10.723315954 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:10.723331928 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:11.359724045 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:11.360038996 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:11.360049009 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:11.361562014 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:11.361628056 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:11.362796068 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:11.362876892 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:11.417212963 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:11.417228937 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:11.464071035 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:11.995357037 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Sep 27, 2024 12:54:12.120594978 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:12.120642900 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:12.120729923 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:12.122371912 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:12.122390032 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:12.775772095 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:12.775825977 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:12.781001091 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:12.781013966 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:12.781265974 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:12.823395014 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:12.827995062 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:12.871396065 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.086709023 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.086771011 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.086817026 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:13.086894989 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:13.086916924 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.086937904 CEST | 49713 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:13.086945057 CEST | 443 | 49713 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.124802113 CEST | 49717 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:13.124838114 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.125046968 CEST | 49717 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:13.125241041 CEST | 49717 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:13.125257015 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.826025963 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.826175928 CEST | 49717 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:13.829979897 CEST | 49717 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:13.829992056 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.830308914 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:13.831562042 CEST | 49717 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:13.879399061 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:14.105639935 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:14.105712891 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:14.106507063 CEST | 49717 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:14.350146055 CEST | 49717 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:14.350147009 CEST | 49717 | 443 | 192.168.2.10 | 184.28.90.27 |
Sep 27, 2024 12:54:14.350168943 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:14.350178003 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.10 |
Sep 27, 2024 12:54:18.170547009 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:18.170594931 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:18.170675039 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:18.170869112 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:18.170885086 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:18.888365030 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:18.888672113 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:18.888684988 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:18.889096975 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:18.889179945 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:18.889842033 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:18.889926910 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:18.891035080 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:18.891110897 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:18.891280890 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:18.891290903 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:18.932832956 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.211148024 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.212517977 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.212575912 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.212594986 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.212707043 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.213077068 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.213237047 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.218904018 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.219074965 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.219229937 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.219274044 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.225801945 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.226160049 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.238462925 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.238491058 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.238540888 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.238554001 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.238629103 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.253422022 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.253515959 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.337632895 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.337899923 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.338531971 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.338632107 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.339310884 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.339375973 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.342248917 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.342303038 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.344763041 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.344854116 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.345030069 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.345042944 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.345120907 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.346689939 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.346792936 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.346801043 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.348232985 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.349844933 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.349853992 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.354048014 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.354094028 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.354101896 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.359520912 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.359628916 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.371166945 CEST | 49735 | 443 | 192.168.2.10 | 216.58.206.46 |
Sep 27, 2024 12:54:19.371181011 CEST | 443 | 49735 | 216.58.206.46 | 192.168.2.10 |
Sep 27, 2024 12:54:19.617516994 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:19.617568970 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:19.617670059 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:19.623801947 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:19.623847008 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:19.623909950 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:19.624656916 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:19.624674082 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:19.625056028 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:19.625062943 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.277235031 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Sep 27, 2024 12:54:20.511369944 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.512546062 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.532943010 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.532973051 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.533068895 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.533077002 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.533432961 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.533487082 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.533607006 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.533668041 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.534183979 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.534224033 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.534332037 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.534369946 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.535571098 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.535655022 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.535669088 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.535763025 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.535913944 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.535926104 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.535999060 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.536005974 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.577195883 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.577370882 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.836904049 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.836983919 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.837071896 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.837706089 CEST | 49737 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.837723970 CEST | 443 | 49737 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.839133024 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.839169025 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.839309931 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.839761972 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.839835882 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.840223074 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.840233088 CEST | 443 | 49738 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.840253115 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.840282917 CEST | 49738 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.840426922 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.840442896 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.841098070 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.841120958 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:20.841176033 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.841533899 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:20.841543913 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.049850941 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:21.049892902 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:21.049993992 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:21.051172018 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:21.051187038 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:21.260512114 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:21.260582924 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:21.260620117 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:21.479909897 CEST | 49710 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:21.479937077 CEST | 443 | 49710 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:21.586874962 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.612476110 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.651637077 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.667274952 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.800447941 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.800472021 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.800689936 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.800698996 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.801062107 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.801078081 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.801126003 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.801253080 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.801264048 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.801317930 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.801826000 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.801870108 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.802021027 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.802073956 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.807512999 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.807605982 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.810832024 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.810930014 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.810956955 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.810966015 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.810985088 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.811086893 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.811088085 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.811095953 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.851412058 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.851445913 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:21.854736090 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.854751110 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:21.948996067 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:21.949063063 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:21.953438044 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:21.953463078 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:21.953705072 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:22.007623911 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:22.205135107 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:22.205252886 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:22.205307961 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:22.206417084 CEST | 49744 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:22.206439018 CEST | 443 | 49744 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:22.219172001 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:22.221010923 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:22.221132994 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:22.224591017 CEST | 49743 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:22.224605083 CEST | 443 | 49743 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:22.961045027 CEST | 49672 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:22.998966932 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:23.039407015 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.045948982 CEST | 49753 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:23.045983076 CEST | 443 | 49753 | 173.222.162.55 | 192.168.2.10 |
Sep 27, 2024 12:54:23.046194077 CEST | 49753 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:23.046386003 CEST | 49753 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:23.046396017 CEST | 443 | 49753 | 173.222.162.55 | 192.168.2.10 |
Sep 27, 2024 12:54:23.123151064 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:23.123176098 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:23.123332977 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:23.124237061 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:23.124249935 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:23.275991917 CEST | 49672 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:23.291671038 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.291701078 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.291709900 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.291738987 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.291750908 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:23.291753054 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.291765928 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.291793108 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.291807890 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:23.291807890 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:23.291841030 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:23.295342922 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.295402050 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:23.295411110 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.298244953 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:23.298291922 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:23.869137049 CEST | 443 | 49753 | 173.222.162.55 | 192.168.2.10 |
Sep 27, 2024 12:54:23.869211912 CEST | 49753 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:23.885312080 CEST | 49672 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:23.943530083 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:23.945939064 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:23.945950985 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:23.946367025 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:23.947884083 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:23.947884083 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:23.947899103 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:23.947952032 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:23.994822025 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:24.064479113 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:24.064512968 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:24.064532995 CEST | 49745 | 443 | 192.168.2.10 | 4.245.163.56 |
Sep 27, 2024 12:54:24.064541101 CEST | 443 | 49745 | 4.245.163.56 | 192.168.2.10 |
Sep 27, 2024 12:54:24.242711067 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:24.242757082 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:24.243412971 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:24.243433952 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:24.247704983 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:24.247765064 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:24.247843981 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:24.247888088 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:24.247888088 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:24.248380899 CEST | 49754 | 443 | 192.168.2.10 | 142.250.184.196 |
Sep 27, 2024 12:54:24.248399973 CEST | 443 | 49754 | 142.250.184.196 | 192.168.2.10 |
Sep 27, 2024 12:54:25.090799093 CEST | 49672 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:26.871226072 CEST | 49758 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:26.871260881 CEST | 443 | 49758 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:26.871422052 CEST | 49758 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:26.872054100 CEST | 49758 | 443 | 192.168.2.10 | 142.250.181.238 |
Sep 27, 2024 12:54:26.872070074 CEST | 443 | 49758 | 142.250.181.238 | 192.168.2.10 |
Sep 27, 2024 12:54:27.495018005 CEST | 49672 | 443 | 192.168.2.10 | 173.222.162.55 |
Sep 27, 2024 12:54:27.786485910 CEST | 443 | 49758 | 142.250.181.238 | 192.168.2.10 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 12:54:07.301565886 CEST | 192.168.2.10 | 1.1.1.1 | 0xe2e8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:07.302006006 CEST | 192.168.2.10 | 1.1.1.1 | 0x6395 | Standard query (0) | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:54:08.291140079 CEST | 192.168.2.10 | 1.1.1.1 | 0xc617 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.291277885 CEST | 192.168.2.10 | 1.1.1.1 | 0xfd7a | Standard query (0) | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:54:10.715136051 CEST | 192.168.2.10 | 1.1.1.1 | 0x8045 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:10.715321064 CEST | 192.168.2.10 | 1.1.1.1 | 0x4a75 | Standard query (0) | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:54:18.077672005 CEST | 192.168.2.10 | 1.1.1.1 | 0x91b0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:18.077821970 CEST | 192.168.2.10 | 1.1.1.1 | 0xc831 | Standard query (0) | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:54:19.515916109 CEST | 192.168.2.10 | 1.1.1.1 | 0xf6ed | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:19.516082048 CEST | 192.168.2.10 | 1.1.1.1 | 0x3bd0 | Standard query (0) | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:55:20.278768063 CEST | 192.168.2.10 | 1.1.1.1 | 0x58ac | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:55:20.278944016 CEST | 192.168.2.10 | 1.1.1.1 | 0x99ca | Standard query (0) | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:55:21.292417049 CEST | 192.168.2.10 | 1.1.1.1 | 0xf3bf | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:55:21.292663097 CEST | 192.168.2.10 | 1.1.1.1 | 0xa63 | Standard query (0) | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:55:23.324548960 CEST | 192.168.2.10 | 1.1.1.1 | 0x6eec | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:55:24.339737892 CEST | 192.168.2.10 | 1.1.1.1 | 0x6eec | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:55:25.339621067 CEST | 192.168.2.10 | 1.1.1.1 | 0x6eec | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:55:27.341501951 CEST | 192.168.2.10 | 1.1.1.1 | 0x6eec | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:55:31.356151104 CEST | 192.168.2.10 | 1.1.1.1 | 0x6eec | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:55:51.641570091 CEST | 192.168.2.10 | 1.1.1.1 | 0x67ef | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:55:51.641993999 CEST | 192.168.2.10 | 1.1.1.1 | 0xdd7c | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 12:54:07.308301926 CEST | 1.1.1.1 | 192.168.2.10 | 0xe2e8 | No error (0) | | | 142.250.185.238 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:07.309423923 CEST | 1.1.1.1 | 192.168.2.10 | 0x6395 | No error (0) | | | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.184.206 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 172.217.16.206 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.185.238 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.181.238 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.186.110 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.186.46 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 216.58.206.78 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 216.58.212.174 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 172.217.16.142 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.185.142 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 216.58.206.46 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.184.238 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.185.174 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.186.174 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 172.217.18.14 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298019886 CEST | 1.1.1.1 | 192.168.2.10 | 0xc617 | No error (0) | | | 142.250.185.206 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298094034 CEST | 1.1.1.1 | 192.168.2.10 | 0xfd7a | No error (0) | | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Sep 27, 2024 12:54:08.298094034 CEST | 1.1.1.1 | 192.168.2.10 | 0xfd7a | No error (0) | | | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:54:10.721973896 CEST | 1.1.1.1 | 192.168.2.10 | 0x8045 | No error (0) | | | 142.250.184.196 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:10.722008944 CEST | 1.1.1.1 | 192.168.2.10 | 0x4a75 | No error (0) | | | | 65 | IN (0x0001) | false |
Sep 27, 2024 12:54:18.169702053 CEST | 1.1.1.1 | 192.168.2.10 | 0x91b0 | No error (0) | | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Sep 27, 2024 12:54:18.169702053 CEST | 1.1.1.1 | 192.168.2.10 | 0x91b0 | No error (0) | | | 216.58.206.46 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:54:18.169745922 CEST | 1.1.1.1 | 192.168.2.10 | 0xc831 | No error (0) | | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Sep 27, 2024 12:54:19.530457973 CEST | 1.1.1.1 | 192.168.2.10 | 0xf6ed | No error (0) | | | 142.250.181.238 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 12:55:51.704663038 CEST | 1.1.1.1 | 192.168.2.10 | 0x67ef | No error (0) | | | 172.217.23.110 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49703 | 142.250.185.238 | 443 | 1516 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 10:54:08 UTC | 847 | OUT | |
2024-09-27 10:54:08 UTC | 1704 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49707 | 142.250.184.206 | 443 | 1516 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 10:54:08 UTC | 865 | OUT | |
2024-09-27 10:54:10 UTC | 2634 | IN | |