Windows
Analysis Report
file.exe
Overview
General Information
Detection
Credential Flusher
Score: 76 (range 0 - 100)
Whitelisted: false
Confidence: 100%
Signatures
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of debugger detection
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Classification
- System is w10x64
- file.exe (PID: 7708, cmdline: "C:\Users\user\Desktop\file.exe", MD5: AF6318576FAE069A7DFB65A405A76A67)
  - taskkill.exe (PID: 7800, cmdline: taskkill /F /IM chrome.exe /T, MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    - conhost.exe (PID: 7808, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - chrome.exe (PID: 7880, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars, MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    - chrome.exe (PID: 8092, cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1952,i,17460202329421668459,1853673212435691532,262144 /prefetch:8, MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- cleanup

Read together with the signatures, the tree shows the credential-flushing pattern the YARA rule is named for: the sample force-kills every chrome.exe (/F /IM chrome.exe /T), relaunches Chrome in a fullscreen window with the crash-restore bubble and infobars suppressed, pointed at the Google password challenge page, and the key-state-polling keylogger and clipboard access flagged in the signature list capture what the user types into that window.
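Detection logic for the process chain in this tree, added here as an example and not part of the Joe Sandbox report or of the sample: a parent process that runs a browser taskkill and then, shortly afterwards, starts a browser with kiosk-style flags on a sign-in URL. Event records are constructed below in the shape of Sysmon Event ID 1 fields (ProcessId, ParentProcessId, Image, CommandLine, UtcTime); the malicious command lines are the ones in the tree above, while the timestamps and the benign control events are this example's own assumptions.

```python
"""Flag the Credential Flusher process chain from process-creation events.

Added example; not code from Joe Sandbox or from the sample. Events are
constructed below in the shape of Sysmon Event ID 1 fields (ProcessId,
ParentProcessId, Image, CommandLine, UtcTime). The malicious command lines
are the ones in the process tree above; the timestamps and the benign
control events are this example's own assumptions.
"""
import re
from datetime import datetime, timedelta

# Chromium flags that remove the address bar, the crash-restore prompt and
# infobars, leaving a window that passes for a native login dialog.
KIOSK_FLAGS = {"--kiosk", "--start-fullscreen", "--disable-infobars",
               "--disable-session-crashed-bubble", "--no-first-run"}
# Identity providers whose sign-in page the kiosk window is pointed at.
SIGNIN_HOSTS = ("accounts.google.com", "login.microsoftonline.com", "login.live.com")
BROWSERS = ("chrome.exe", "msedge.exe", "firefox.exe", "brave.exe")
# taskkill ... /IM <browser>.exe, with any flags (/F, /T) in between.
TASKKILL_BROWSER = re.compile(
    r"taskkill(?:\.exe)?\b.*?/IM\s+(?:chrome|msedge|firefox|brave)\.exe", re.I)


def split_cmdline(cmdline):
    """Split on whitespace but keep double-quoted runs together (quotes stripped).
    Enough for scanning flags and URLs; not a full CommandLineToArgvW."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def is_kiosk_signin_browser(cmdline):
    """True when a browser is started with two or more kiosk-style flags and a URL
    that references a sign-in host (also inside a query string, as in the tree)."""
    toks = split_cmdline(cmdline)
    flags = {t.split("=", 1)[0].lower() for t in toks if t.startswith("--")}
    urls = [t.lower() for t in toks if t.lower().startswith(("http://", "https://"))]
    signin = any(host in url for url in urls for host in SIGNIN_HOSTS)
    return len(flags & KIOSK_FLAGS) >= 2 and signin


def find_credential_flusher(events, window_s=300):
    """One alert per parent that ran a browser taskkill and, within window_s
    seconds afterwards, spawned a browser in kiosk mode on a sign-in page."""
    by_parent = {}
    for e in sorted(events, key=lambda e: e["UtcTime"]):
        by_parent.setdefault(e["ParentProcessId"], []).append(e)
    alerts = []
    for ppid, children in by_parent.items():
        kills = [c for c in children if TASKKILL_BROWSER.search(c["CommandLine"])]
        for c in children:
            if not c["Image"].lower().endswith(BROWSERS):
                continue
            if not is_kiosk_signin_browser(c["CommandLine"]):
                continue
            for k in kills:
                gap = (c["UtcTime"] - k["UtcTime"]).total_seconds()
                if 0 <= gap <= window_s:
                    urls = [t for t in split_cmdline(c["CommandLine"])
                            if t.lower().startswith(("http://", "https://"))]
                    alerts.append({"parent_pid": ppid, "kill_pid": k["ProcessId"],
                                   "browser_pid": c["ProcessId"], "url": urls[0],
                                   "seconds_after_kill": gap})
                    break
    return alerts


CHROME = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
T0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed timestamp
SAMPLE_EVENTS = [  # constructed; PIDs and command lines follow the tree above
    {"ProcessId": 7800, "ParentProcessId": 7708,
     "Image": "C:\\Windows\\System32\\taskkill.exe",
     "CommandLine": "taskkill /F /IM chrome.exe /T", "UtcTime": T0},
    {"ProcessId": 7880, "ParentProcessId": 7708, "Image": CHROME,
     "CommandLine": f'"{CHROME}" "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" '
                    "--start-fullscreen --no-first-run --disable-session-crashed-bubble --disable-infobars",
     "UtcTime": T0 + timedelta(seconds=2)},
    # Chrome's own network-service child: same image, no kiosk flags, parent is the browser.
    {"ProcessId": 8092, "ParentProcessId": 7880, "Image": CHROME,
     "CommandLine": f'"{CHROME}" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US',
     "UtcTime": T0 + timedelta(seconds=3)},
    # Benign control: a user opens the sign-in page from the shell, no kiosk flags, no taskkill.
    {"ProcessId": 9001, "ParentProcessId": 4242, "Image": CHROME,
     "CommandLine": f'"{CHROME}" https://accounts.google.com/',
     "UtcTime": T0 + timedelta(minutes=1)},
]

if __name__ == "__main__":
    for alert in find_credential_flusher(SAMPLE_EVENTS):
        print(alert)
```

The correlation key is the parent PID rather than the image name of the parent, so the rule does not depend on the dropper being called file.exe; two kiosk flags are required because --no-first-run alone appears in legitimate automation. Chrome's own --type=utility children never match because they carry no kiosk flags and their parent is the browser, not the dropper.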
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security | |
⊘No Sigma rule has matched
⊘No Suricata rule has matched
AV Detection |
---|
For the evidence rows below only the evidence type, the row count and any function address or identifier survived; the detail cell of each row is missing. The IP address, JA3 fingerprint, TCP, DNS and HTTP rows are the network evidence behind the "IP address seen in connection with other malware" and "JA3 SSL client fingerprint seen in connection with other malware" signatures; the Code function rows give the addresses in the sample that the report attaches to a signature.

Evidence | Rows | Identifiers |
---|---|---|
ReversingLabs | 1 | |
Integrated Neural Analysis Model | 1 | |
Joe Sandbox ML | 1 | |
Static PE information | 1 | |
HTTPS traffic detected | 4 | |
Code function | 10 | 6_2_000BDBBE, 6_2_0008C2A2, 6_2_000C68EE, 6_2_000C698F, 6_2_000BD076, 6_2_000BD3A9, 6_2_000C9642, 6_2_000C979D, 6_2_000C9B2B, 6_2_000C5C97 |
IP Address | 1 | |
JA3 fingerprint | 1 | |
TCP traffic detected without corresponding DNS query | 50 | |
Code function | 1 | 6_2_000CCE44 |
HTTP traffic detected | 6 | |
DNS traffic detected | 3 | |
String found in binary or memory | 262 | |
Network traffic detected | 20 | |
HTTPS traffic detected | 4 | |
Code function | 5 | 6_2_000CEAFF, 6_2_000CED6A, 6_2_000CEAFF, 6_2_000BAA57, 6_2_000E9576 |
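The check behind the "TCP traffic detected without corresponding DNS query" rows above, written out as an added example (not Joe Sandbox code): every outbound TCP connection is correlated with the DNS answers seen on the host before it, and a public destination that no answer ever returned is flagged, which is how a hard-coded C2 address shows up. The records are constructed here in a Zeek-like shape (DNS answers and connection originations); the field layout, the timestamps and the TEST-NET addresses are this example's own assumptions.

```python
"""Flag TCP connections to addresses that no prior DNS answer resolved.

Added example; not code from Joe Sandbox or from the sample. Records are
constructed below in a Zeek-like shape: DNS answers as (ts, qname, answer_ip)
and connections as (ts, dst_ip, dst_port, proto). The layout and the
TEST-NET addresses are this example's own assumptions.
"""
from ipaddress import ip_address, ip_network

# Ranges that public DNS would not be expected to hand out; connections to
# them are skipped so that SMB, loopback and multicast traffic do not alert.
NON_ROUTABLE = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32", "fe80::/10", "::1/128")]


def is_non_routable(ip):
    """True for private, loopback, link-local, multicast and broadcast addresses."""
    addr = ip_address(ip)
    return any(addr in net for net in NON_ROUTABLE)


def connections_without_dns(dns_answers, conns, ttl=3600):
    """Return (ts, dst_ip, dst_port) for every TCP connection whose destination
    was not in any DNS answer seen up to `ttl` seconds earlier.  A lookup that
    happens after the connect cannot have produced it, so later answers do not
    count; that ordering check is what separates a real hard-coded address
    from a resolver that was merely slow."""
    answered = {}
    for ts, qname, ip in dns_answers:
        answered.setdefault(ip, []).append((ts, qname))
    flagged = []
    for ts, dst, port, proto in conns:
        if proto != "tcp" or is_non_routable(dst):
            continue
        prior = [q for t, q in answered.get(dst, []) if 0 <= ts - t <= ttl]
        if not prior:
            flagged.append((ts, dst, port))
    return flagged


# Constructed sample using TEST-NET ranges (198.51.100.0/24, 203.0.113.0/24),
# not real infrastructure.
DNS_ANSWERS = [
    (100.0, "www.youtube.com", "198.51.100.10"),
    (100.5, "accounts.google.com", "198.51.100.11"),
    (400.0, "late.example", "203.0.113.9"),  # answer arrives after the connect
]
CONNS = [
    (101.0, "198.51.100.10", 443, "tcp"),   # resolved just before: fine
    (102.0, "198.51.100.11", 443, "tcp"),   # resolved: fine
    (103.0, "203.0.113.5", 443, "tcp"),     # never resolved: flag
    (104.0, "192.168.1.1", 445, "tcp"),     # local: skipped
    (105.0, "203.0.113.9", 8080, "tcp"),    # resolved only later: flag
    (106.0, "203.0.113.7", 53, "udp"),      # not TCP: skipped
]

if __name__ == "__main__":
    for ts, dst, port in connections_without_dns(DNS_ANSWERS, CONNS):
        print(f"{ts:.1f} {dst}:{port} no prior DNS answer")
```

On a real capture the same check produces false positives for names resolved before the capture started, for DNS over HTTPS or TLS that the sensor cannot see, and for CDNs whose answers rotate faster than `ttl`; the sandbox avoids the first two because it observes the sample from process start on a host whose resolver traffic it controls.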
System Summary |
---|
Evidence | Rows | Identifiers |
---|---|---|
String found in binary or memory | 5 | memstr_09899a42-9, memstr_ab629b65-4, memstr_da47d0d3-a, memstr_53fa39c0-0 |
Code function | 3 | 6_2_000BD5EB, 6_2_000B1201, 6_2_000BE8F6 |
Code function | 25 | 6_2_000C2046, 6_2_00058060, 6_2_000B8298, 6_2_0008E4FF, 6_2_0008676B, 6_2_000E4873, 6_2_0007CAA0, 6_2_0005CAF0, 6_2_0006CC39, 6_2_00086DD9, 6_2_0006B119, 6_2_000591C0, 6_2_00071394, 6_2_00071706, 6_2_0007781B, 6_2_00057920, 6_2_0006997D, 6_2_000719B0, 6_2_00077A4A, 6_2_00071C77, 6_2_00077CA7, 6_2_000DBE44, 6_2_0006BE70, 6_2_00089EEE, 6_2_00071F32 |
Static PE information | 1 | |
Classification label | 1 | |
Code function | 7 | 6_2_000C37B5, 6_2_000B10BF, 6_2_000B16C3, 6_2_000C51CD, 6_2_000DA67C, 6_2_000C648E, 6_2_000542A2 |
File created | 1 | |
Mutant created | 1 | |
Static PE information | 1 | |
WMI Queries | 1 | |
Key opened | 1 | |
ReversingLabs | 1 | |
Process created | 35 | |
Section loaded | 25 | |
LNK file | 6 | |
Window detected | 1 | |
Static PE information | 12 | |
Code function | 2 | 6_2_000542DE, 6_2_00070A89 |
File created | 7 | |
Code function | 2 | 6_2_0006F98E, 6_2_000E1C41 |
Process information set | 3 | |
Malware Analysis System Evasion |
---|
Evidence | Rows | Identifiers |
---|---|---|
Sandbox detection routine | 1 | graph_6-95563 |
API coverage | 1 | |
Thread sleep count | 2 | |
Last function | 1 | |
Code function | 10 | 6_2_000BDBBE, 6_2_0008C2A2, 6_2_000C68EE, 6_2_000C698F, 6_2_000BD076, 6_2_000BD3A9, 6_2_000C9642, 6_2_000C979D, 6_2_000C9B2B, 6_2_000C5C97 |
Code function | 1 | 6_2_000542DE |
Anti Debugging |
---|
Evidence | Rows | Identifiers |
---|---|---|
Debugger detection routine | 1 | graph_6-95707 |
Code function | 5 | 6_2_000CEAA2, 6_2_00082622, 6_2_000542DE, 6_2_00074CE8, 6_2_000B0B62 |
Process token adjusted | 1 | |
Code function | 4 | 6_2_00082622, 6_2_0007083F, 6_2_000709D5, 6_2_00070C21 |
Code function | 4 | 6_2_000B1201, 6_2_00092BA5, 6_2_0006F98E, 6_2_000D22DA |
Process created | 1 | |
Code function | 2 | 6_2_000B0B62, 6_2_000B1663 |
Binary or memory string | 2 | |
Code function | 5 | 6_2_00070698, 6_2_000C8195, 6_2_000AD27A, 6_2_0008B952, 6_2_000542DE |
Stealing of Sensitive Information |
---|
Evidence | Rows | Identifiers |
---|---|---|
File source | 1 | |
Binary or memory string | 7 | |
Remote Access Functionality |
---|
Evidence | Rows | Identifiers |
---|---|---|
File source | 1 | |
Code function | 2 | 6_2_000D1204, 6_2_000D1806 |
MITRE ATT&CK Matrix |
---|
The techniques below are the cells of the matrix that carry a count; the number is the report's count of matching signatures. Cells of the original matrix without a count were not matched for this sample and are omitted here.

Tactic | Observed techniques (signature count) |
---|---|
Reconnaissance | none |
Resource Development | none |
Initial Access | Valid Accounts (2) |
Execution | Windows Management Instrumentation (1), Native API (1) |
Persistence | DLL Side-Loading (1), Valid Accounts (2), Registry Run Keys / Startup Folder (1) |
Privilege Escalation | Exploitation for Privilege Escalation (1), DLL Side-Loading (1), Valid Accounts (2), Access Token Manipulation (21), Process Injection (2), Registry Run Keys / Startup Folder (1) |
Defense Evasion | Disable or Modify Tools (2), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), DLL Side-Loading (1), Masquerading (1), Valid Accounts (2), Virtualization/Sandbox Evasion (21), Access Token Manipulation (21), Process Injection (2) |
Credential Access | Input Capture (21) |
Discovery | System Time Discovery (2), Account Discovery (1), File and Directory Discovery (1), System Information Discovery (16), Security Software Discovery (22), Virtualization/Sandbox Evasion (21), Process Discovery (2), Application Window Discovery (1), System Owner/User Discovery (1) |
Lateral Movement | none |
Collection | Archive Collected Data (1), Input Capture (21), Clipboard Data (3) |
Command and Control | Ingress Tool Transfer (2), Encrypted Channel (11), Non-Application Layer Protocol (2), Application Layer Protocol (3) |
Exfiltration | none |
Impact | System Shutdown/Reboot (1) |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | ReversingLabs | |||
100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
youtube-ui.l.google.com | 142.250.186.142 | true | false | unknown | |
www.google.com | 142.250.184.228 | true | false | unknown | |
youtube.com | 216.58.206.46 | true | false | unknown | |
www.youtube.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | | unknown | ||
false | | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
216.58.206.46 | youtube.com | United States | 15169 | GOOGLEUS | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.186.142 | youtube-ui.l.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.184.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.10 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524414 |
Start date and time: | 2024-10-02 19:04:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal76.troj.evad.winEXE@35/14@6/5 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.185.67, 142.250.185.142, 142.251.168.84, 34.104.35.123, 142.250.186.42, 142.250.185.170, 172.217.18.106, 216.58.206.74, 142.250.74.202, 142.250.185.74, 142.250.186.138, 142.250.185.138, 172.217.23.106, 142.250.186.74, 142.250.185.106, 172.217.16.202, 172.217.16.138, 216.58.206.42, 172.217.18.10, 142.250.186.106, 172.217.18.3, 142.250.184.195, 216.58.212.138, 216.58.212.170, 199.232.210.172, 142.250.181.227, 142.250.186.174
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, optimizationguide-pa.googleapis.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- VT rate limit hit for: file.exe
⊘No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse |
⊘No context
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Credential Flusher | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Credential Flusher | Browse | |||
Get hash | malicious | Unknown | Browse |
⊘No context
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9911203334878254 |
Encrypted: | false |
SSDEEP: | 48:8IMbdaVTTkJH5idAKZdA1uehwiZUklqeh+y+3:8I10q9y |
MD5: | 847748E73F221B7D12FB4D9680694057 |
SHA1: | A833BF66219E5ECC8834023FA5167A58BEE4E264 |
SHA-256: | 12DC9275AACE799C35358C1773AA8A60BED0FB37F87580A2249B661B2533F1D9 |
SHA-512: | D2C479D2592F1E738517E9D824F1A264F16BA9231B8251800E82944A88043F361A11F03ED99FFC43DE157D67A0B812D8D3BE37105F9DE86BCAC8ABCBE97B72F0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.008238356483973 |
Encrypted: | false |
SSDEEP: | 48:8d3QMbdaVTTkJH5idAKZdA1Heh/iZUkAQkqehty+2:8dg1009QAy |
MD5: | B34C4F9E9059884E26D4985EE99F93E8 |
SHA1: | 60C58A8EEAD79ABA73A82B100C5AD38ED6EC4DD0 |
SHA-256: | DD4BBFEEE807E73D83107B285FB1CB2AC7AAF2B95A5169CDA4090C3FC196E268 |
SHA-512: | 3F8553771560179CB869C46211FCD5CF13F8D605A1A9250E05EFCB7FF20FED68F76C34D93023DED12DE2E9A7B6B52BD08FACEB77B5DE1BE9B12A868111CA06A9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.016483821997974 |
Encrypted: | false |
SSDEEP: | 48:8FMbdaVTTkbH5idAKZdA149eh7sFiZUkmgqeh7sHy+BX:8F10mnBy |
MD5: | 1AF0034ED3890498C5F301433EEBD6D8 |
SHA1: | F29D3D59219073E47C25B0B20FD9C4D845DB6F49 |
SHA-256: | 79705A60E76CBDC360FEF45D6B17257CBFBD05541F8B4A6DDCC2EF0742C7F71A |
SHA-512: | 77E790D7BDEA0E575284C63F05985A0C2700F4259ACEEDB715285A0EE964BB6E51804FAFA5B70390453E4FF9DB2590D309E8714ECF04C4B4E07F83471C09EBEC |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.004429462063221 |
Encrypted: | false |
SSDEEP: | 48:8mMbdaVTTkJH5idAKZdA14ehDiZUkwqehZy+R:8m10vfy |
MD5: | EEB9E45ED77D3DAE0CAAEF3321A360B8 |
SHA1: | AD76329ACA419B2D9152609E02CBC687DD0BC212 |
SHA-256: | 791639657B0F037CCBC9A5F284EA07F3BC9FADEDE83898D7E9CCB76A5B172808 |
SHA-512: | DCFA288DF9209ED1B0BC35D678C862CBB103A41616AA64074C6A536ED286DD54C9044331BC36C21D271A600E6B4A7CEE57AA5E477F990961B5E040016ED0FBCE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9935894366740503 |
Encrypted: | false |
SSDEEP: | 48:86MbdaVTTkJH5idAKZdA1mehBiZUk1W1qehLy+C:8610/9ry |
MD5: | 13C02C679CB1A10DFB390969898ECBBC |
SHA1: | 3A808ACC01F712887775973896AF260C478F334D |
SHA-256: | F1C5FBEFF11ABBC74B35CB73681422906429C1E7D58DB6BD10E874D60FAFF51D |
SHA-512: | ADDD8EA932829BBE9BB6087B2FBC5C5B4E3CF86EE0C850F3CC3E7C7F90AA306C54492D2700B1B9ECE43B76144300DF8DD41C686E4DFBC43A0271C4A00DE0F5C7 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.003491988596631 |
Encrypted: | false |
SSDEEP: | 48:85XMbdaVTTkJH5idAKZdA1duT1ehOuTbbiZUk5OjqehOuTbBy+yT+:85X10eTyTbxWOvTbBy7T |
MD5: | F2B6CFB8C74E66DC21B1CD81971B81CF |
SHA1: | 08B54A318C04B47F38A48F4067FF6324902EFAC0 |
SHA-256: | 2F3847C8F34436FA7DEE075F9AD5064229FE238A025AD4EDD463DBEF4AEC2C29 |
SHA-512: | 846FD4E735CFCA0AEAEB006438B0BEC97B11A395FFED69A4F8DF5755E80B3C2E324B1618408500E6697B95E31D79220E0B48C76814BB8ED9279C72A580875BB4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 84 |
Entropy (8bit): | 4.875266466142591 |
Encrypted: | false |
SSDEEP: | 3:DZFJu0+WVTBCq2Bjdw2KsJJuYHSKnZ:lFJuuVTBudw29nu4SKZ |
MD5: | 87B6333E98B7620EA1FF98D1A837A39E |
SHA1: | 105DE6815B0885357DE1414BFC0D77FCC9E924EF |
SHA-256: | DCD3C133C5C40BECD4100BBE6EDAE84C9735E778E4234A5E8395C56FF8A733BA |
SHA-512: | 867D7943D813685FAA76394E53199750C55817E836FD19C933F74D11E9657CE66719A6D6B2E39EE1DE62358BCE364E38A55F4E138DF92337DE6985DDCD5D0994 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSHgmA6QC9dWevzxIFDRkBE_oSBQ3oIX6GEgUN05ioBw==?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5430 |
Entropy (8bit): | 3.6534652184263736 |
Encrypted: | false |
SSDEEP: | 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B |
MD5: | F3418A443E7D841097C714D69EC4BCB8 |
SHA1: | 49263695F6B0CDD72F45CF1B775E660FDC36C606 |
SHA-256: | 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770 |
SHA-512: | 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563 |
Malicious: | false |
URL: | https://www.google.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 52280 |
Entropy (8bit): | 7.995413196679271 |
Encrypted: | true |
SSDEEP: | 1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d |
MD5: | F61F0D4D0F968D5BBA39A84C76277E1A |
SHA1: | AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2 |
SHA-256: | 57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC |
SHA-512: | 6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487 |
Malicious: | false |
URL: | https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 730420 |
Entropy (8bit): | 5.789286883995489 |
Encrypted: | false |
SSDEEP: | 6144:YVXWBQkPdzg5pTX1ROv/duPzd8C3s891/n:Nfd8j91/n |
MD5: | 357718969443B75B5F34BC9FC66406DC |
SHA1: | 9F2CDD892D13E376E931E3311E0B9F19118EC08D |
SHA-256: | 0E4E57D426BC17E03C7C2EF1481CD0114BE028FAB97C78510449CF858FCEFDBE |
SHA-512: | 968E272710B6D29C803ABFAB89CA5642710BC72F16D01AB6015E09764F7E5817EFE1BF70347328C1CE93E34E7DFA1C8C5F26C316E1854C8ED4E1CD4CBF916469 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.RgRbaBHDctU.es5.O/am=xIFgKBi2EQjEE54DekBRIOQAAAAAAAAAAKANAAB0DA/d=1/excm=_b,_tp,identifierview/ed=1/dg=0/wt=2/ujg=1/rs=AOaEmlE6O04h0gj7Nu50q-nmaRKM6WWcJw/m=_b,_tp" |
Preview: |
File type: | |
Entropy (8bit): | 6.582342144287593 |
TrID: | |
File name: | file.exe |
File size: | 918'528 bytes |
MD5: | af6318576fae069a7dfb65a405a76a67 |
SHA1: | 6c11eba1c56fd659b19fd33adaa9f66ea939c088 |
SHA256: | 9607cf90365ce5353cbcc5e0562bd45fdec2c3c4dc36626549b8d952dda468b8 |
SHA512: | e11be0b44beb7590f9d59eab8f0c2e8f303e37b0be2a8c4d1f96332b4b1e91b71a3dccfe2e96bebd93c797622d056d11e26df221849e8806b565a2f798448dba |
SSDEEP: | 12288:QqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga2Tr:QqDEvCTbMWu7rQYlBQcBiT6rprG8aOr |
TLSH: | 37159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3 |
File Content Preview: | MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z.... |
Icon Hash: | aaf3e3e3938382a0 |
Entrypoint: | 0x420577 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66FD761B [Wed Oct 2 16:34:35 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 948cc502fe9226992dce9417f952fce3 |
Instruction |
---|
call 00007F9954D654B3h |
jmp 00007F9954D64DBFh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F9954D64F9Dh |
mov dword ptr [esi], 0049FDF0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FDF8h |
mov dword ptr [ecx], 0049FDF0h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007F9954D64F6Ah |
mov dword ptr [esi], 0049FE0Ch |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0049FE14h |
mov dword ptr [ecx], 0049FE0Ch |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
and dword ptr [eax], 00000000h |
and dword ptr [eax+04h], 00000000h |
push eax |
mov eax, dword ptr [ebp+08h] |
add eax, 04h |
push eax |
call 00007F9954D67B5Dh |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 0049FDD0h |
push eax |
call 00007F9954D67BA8h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 0049FDD0h |
push eax |
call 00007F9954D67B91h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x991c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xd4000 | 0x991c | 0x9a00 | 2bf80a72855824b327f174746abaec62 | False | 0.3026582792207792 | data | 5.279976954155754 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
RT_RCDATA | 0xdc7b8 | 0xbe2 | data | | | 1.0036160420775806 |
RT_GROUP_ICON | 0xdd39c | 0x76 | data | English | Great Britain | 0.6610169491525424 |
RT_GROUP_ICON | 0xdd414 | 0x14 | data | English | Great Britain | 1.25 |
RT_GROUP_ICON | 0xdd428 | 0x14 | data | English | Great Britain | 1.15 |
RT_GROUP_ICON | 0xdd43c | 0x14 | data | English | Great Britain | 1.25 |
RT_VERSION | 0xdd450 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
RT_MANIFEST | 0xdd52c | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
DLL | Import |
---|---|
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
PSAPI.DLL | GetProcessMemoryInfo |
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
UxTheme.dll | IsThemeActive |
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 19:05:03.490725040 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Oct 2, 2024 19:05:04.506409883 CEST | 49674 | 443 | 192.168.2.10 | 173.222.162.55 |
Oct 2, 2024 19:05:04.509702921 CEST | 49675 | 443 | 192.168.2.10 | 173.222.162.55 |
Oct 2, 2024 19:05:07.225641012 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Oct 2, 2024 19:05:07.537575006 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Oct 2, 2024 19:05:08.146905899 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Oct 2, 2024 19:05:08.303265095 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Oct 2, 2024 19:05:09.355808973 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Oct 2, 2024 19:05:11.757834911 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Oct 2, 2024 19:05:13.393647909 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:13.393682957 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:13.393769026 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:13.394443035 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:13.394457102 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.051536083 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.052104950 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.052131891 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.052536964 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.052664995 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.053236961 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.053297043 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.054279089 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.054346085 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.054480076 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.098747015 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.098772049 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.114381075 CEST | 49674 | 443 | 192.168.2.10 | 173.222.162.55 |
Oct 2, 2024 19:05:14.114396095 CEST | 49675 | 443 | 192.168.2.10 | 173.222.162.55 |
Oct 2, 2024 19:05:14.148507118 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.341264963 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.341350079 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.341355085 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.341406107 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.342371941 CEST | 49707 | 443 | 192.168.2.10 | 216.58.206.46 |
Oct 2, 2024 19:05:14.342391968 CEST | 443 | 49707 | 216.58.206.46 | 192.168.2.10 |
Oct 2, 2024 19:05:14.352659941 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:14.352679968 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:14.352822065 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:14.353764057 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:14.353775024 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.002315998 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.002639055 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:15.002650023 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.003048897 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.003117085 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:15.003740072 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.003786087 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:15.004935980 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:15.005017996 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.005105019 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:15.005120039 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.051882982 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:15.307104111 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.307128906 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.307193995 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:15.307215929 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:15.307320118 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:15.309659958 CEST | 49712 | 443 | 192.168.2.10 | 142.250.186.142 |
Oct 2, 2024 19:05:15.309684038 CEST | 443 | 49712 | 142.250.186.142 | 192.168.2.10 |
Oct 2, 2024 19:05:16.570570946 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Oct 2, 2024 19:05:17.050628901 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:17.050699949 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:17.051429033 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:17.051578045 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:17.051597118 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:17.912086010 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Oct 2, 2024 19:05:18.513859034 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:18.514697075 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:18.514728069 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:18.515845060 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:18.515911102 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:18.516999006 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:18.517077923 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:18.517801046 CEST | 49720 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:18.517822027 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:18.517895937 CEST | 49720 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:18.519828081 CEST | 49720 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:18.519850016 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:18.568224907 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:18.568255901 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:18.615065098 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:19.186304092 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:19.186366081 CEST | 49720 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:19.190854073 CEST | 49720 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:19.190862894 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:19.191150904 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:19.231661081 CEST | 49720 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:19.279397964 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:20.514744997 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:20.514839888 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:20.515003920 CEST | 49720 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:20.515335083 CEST | 49720 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:20.515355110 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:20.515412092 CEST | 49720 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:20.515418053 CEST | 443 | 49720 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:20.567405939 CEST | 49723 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:20.567440033 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:20.567918062 CEST | 49723 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:20.567918062 CEST | 49723 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:20.567948103 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:21.864634991 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:21.864706993 CEST | 49723 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:21.895095110 CEST | 49723 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:21.895127058 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:21.895489931 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:21.899293900 CEST | 49723 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:21.943401098 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:22.142644882 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:22.142716885 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:22.142801046 CEST | 49723 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:22.143829107 CEST | 49723 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:22.143847942 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:22.143866062 CEST | 49723 | 443 | 192.168.2.10 | 184.28.90.27 |
Oct 2, 2024 19:05:22.143872023 CEST | 443 | 49723 | 184.28.90.27 | 192.168.2.10 |
Oct 2, 2024 19:05:23.060165882 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:23.107402086 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:23.327588081 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:23.327631950 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:23.327845097 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:23.327922106 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:23.339848995 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:23.339873075 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:23.340044975 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:23.340128899 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:23.340312004 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:23.340329885 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:23.340353966 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:23.340414047 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:23.340970993 CEST | 49716 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:05:23.341005087 CEST | 443 | 49716 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:05:24.707427025 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:24.707463026 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:24.709062099 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:24.710030079 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:24.710046053 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:25.526791096 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:25.526854992 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:25.529361010 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:25.529372931 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:25.529628992 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:25.583220005 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:26.119395971 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:26.167397976 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.177654982 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Oct 2, 2024 19:05:26.385915041 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.385941982 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.385950089 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.385965109 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.385972023 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.385977030 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.385996103 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:26.386018038 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.386035919 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:26.386070967 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:26.386641979 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.386714935 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:26.386725903 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.386940956 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.386998892 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:26.871490955 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:26.871514082 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:05:26.871540070 CEST | 49729 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:05:26.871546030 CEST | 443 | 49729 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:03.360691071 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:03.360766888 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:03.360841990 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:03.361248970 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:03.361275911 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.214385986 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.214497089 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.217302084 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.217350960 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.217684984 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.223360062 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.271414042 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545075893 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545130968 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545172930 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545300961 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.545355082 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545380116 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545418024 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.545419931 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545437098 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.545449972 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545476913 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.545491934 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.545536041 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545660973 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.545708895 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.547785997 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.547832012 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:04.547849894 CEST | 49738 | 443 | 192.168.2.10 | 20.114.59.183 |
Oct 2, 2024 19:06:04.547858000 CEST | 443 | 49738 | 20.114.59.183 | 192.168.2.10 |
Oct 2, 2024 19:06:17.101136923 CEST | 49740 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:06:17.101193905 CEST | 443 | 49740 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:06:17.101387024 CEST | 49740 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:06:17.101526022 CEST | 49740 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:06:17.101536989 CEST | 443 | 49740 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:06:17.786577940 CEST | 443 | 49740 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:06:17.786993027 CEST | 49740 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:06:17.787043095 CEST | 443 | 49740 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:06:17.788184881 CEST | 443 | 49740 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:06:17.788592100 CEST | 49740 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:06:17.788788080 CEST | 443 | 49740 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:06:17.834346056 CEST | 49740 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:06:27.685813904 CEST | 443 | 49740 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:06:27.685892105 CEST | 443 | 49740 | 142.250.184.228 | 192.168.2.10 |
Oct 2, 2024 19:06:27.686024904 CEST | 49740 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:06:40.466950893 CEST | 49740 | 443 | 192.168.2.10 | 142.250.184.228 |
Oct 2, 2024 19:06:40.466998100 CEST | 443 | 49740 | 142.250.184.228 | 192.168.2.10 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 19:05:13.333065987 CEST | 53 | 49441 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:13.386018991 CEST | 49701 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 2, 2024 19:05:13.386166096 CEST | 52074 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 2, 2024 19:05:13.393028021 CEST | 53 | 49701 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:13.393101931 CEST | 53 | 52074 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:13.393544912 CEST | 53 | 59548 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:14.344871998 CEST | 63405 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 2, 2024 19:05:14.345012903 CEST | 51592 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 2, 2024 19:05:14.351617098 CEST | 53 | 63405 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:14.352127075 CEST | 53 | 51592 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:14.360924006 CEST | 53 | 51904 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:17.042860031 CEST | 56501 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 2, 2024 19:05:17.042860031 CEST | 65139 | 53 | 192.168.2.10 | 1.1.1.1 |
Oct 2, 2024 19:05:17.049797058 CEST | 53 | 56501 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:17.049993038 CEST | 53 | 65139 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:18.513381004 CEST | 53 | 65121 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:21.966259956 CEST | 53 | 50452 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:31.468395948 CEST | 53 | 52110 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:05:50.561278105 CEST | 53 | 59160 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:06:06.317084074 CEST | 138 | 138 | 192.168.2.10 | 192.168.2.255 |
Oct 2, 2024 19:06:12.375422955 CEST | 53 | 54186 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:06:13.275652885 CEST | 53 | 59114 | 1.1.1.1 | 192.168.2.10 |
Oct 2, 2024 19:06:40.474180937 CEST | 53 | 51369 | 1.1.1.1 | 192.168.2.10 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 19:05:13.386018991 CEST | 192.168.2.10 | 1.1.1.1 | 0x7b1f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:13.386166096 CEST | 192.168.2.10 | 1.1.1.1 | 0x4e48 | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 2, 2024 19:05:14.344871998 CEST | 192.168.2.10 | 1.1.1.1 | 0x507d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.345012903 CEST | 192.168.2.10 | 1.1.1.1 | 0x5fda | Standard query (0) | | 65 | IN (0x0001) | false |
Oct 2, 2024 19:05:17.042860031 CEST | 192.168.2.10 | 1.1.1.1 | 0xd71b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:17.042860031 CEST | 192.168.2.10 | 1.1.1.1 | 0xd946 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 19:05:13.393028021 CEST | 1.1.1.1 | 192.168.2.10 | 0x7b1f | No error (0) | | | 216.58.206.46 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:13.393101931 CEST | 1.1.1.1 | 192.168.2.10 | 0x4e48 | No error (0) | | | | 65 | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.186.142 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.186.78 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 172.217.16.206 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 216.58.212.142 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.186.110 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.185.238 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.186.46 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.185.174 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.185.78 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.185.206 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.184.238 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.185.110 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 216.58.206.78 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.184.206 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 172.217.18.14 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.351617098 CEST | 1.1.1.1 | 192.168.2.10 | 0x507d | No error (0) | | | 142.250.185.142 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.352127075 CEST | 1.1.1.1 | 192.168.2.10 | 0x5fda | No error (0) | | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Oct 2, 2024 19:05:14.352127075 CEST | 1.1.1.1 | 192.168.2.10 | 0x5fda | No error (0) | | | | 65 | IN (0x0001) | false |
Oct 2, 2024 19:05:17.049797058 CEST | 1.1.1.1 | 192.168.2.10 | 0xd71b | No error (0) | | | 142.250.184.228 | A (IP address) | IN (0x0001) | false |
Oct 2, 2024 19:05:17.049993038 CEST | 1.1.1.1 | 192.168.2.10 | 0xd946 | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49707 | 216.58.206.46 | 443 | 8092 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 17:05:14 UTC | 847 | OUT | |
2024-10-02 17:05:14 UTC | 1704 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49712 | 142.250.186.142 | 443 | 8092 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-02 17:05:15 UTC | 865 | OUT | |
2024-10-02 17:05:15 UTC | 2634 | IN | |