Windows
Analysis Report
File-11F_385347.exe
Overview
General Information
Detection
Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 40%
Compliance
Score: 47
Range: 0 - 100
Signatures
Classification
Analysis Advice
- Sample drops PE files which have not been started; submit the dropped PE samples for a secondary analysis to Joe Sandbox
- Sample tries to load a library which is not present or installed on the analysis machine; adding the library might reveal more behavior
- Sample may offer command line options; please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like "-", "/", "--")
- System is w10x64
- File-11F_385347.exe (PID: 6404 cmdline: "C:\Users\user\Desktop\File-11F_385347.exe" MD5: 08EA1813D6B205C446E6AE655C4E6715)
- chrome.exe (PID: 3716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5304 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1724,i,16714932929559567655,4968093527130383925,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection
- Virustotal: Perma Link
- Binary or memory string: memstr_5626c899-d
Compliance
- Static PE information (2 entries)
- HTTPS traffic detected (5 entries)
- Static PE information
- IP Address
- JA3 fingerprint (2 entries)
- TCP traffic detected without corresponding DNS query (50 entries)
- HTTP traffic detected (10 entries)
- DNS traffic detected (2 entries)
- String found in binary or memory (16 entries)
- Network traffic detected (25 entries)
- HTTPS traffic detected (5 entries)
- Code function: 0_2_00AB1380
- Static PE information
- Classification label
- File created
- Static PE information
- Key opened
- Virustotal
- String found in binary or memory
- File read
- Process created (15 entries)
- Section loaded (27 entries)
- Key value queried
- Window detected
- Static PE information (2 entries)
- Static file information
- Static PE information (14 entries)
- Code function: 0_2_010CB866
- File created
- Dropped PE file which has not been started
- Binary or memory string (7 entries)
- Process information queried
- Code function: 0_2_011223FD
- Code function: 0_2_0113553C
- Code function: 0_2_01126779
- Code function: 0_2_011354F8
- Process token adjusted (2 entries)
- Code function: 0_2_010CB057
- Code function: 0_2_011223FD
- Code function: 0_2_010CC06B
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
Detection | Scanner | Label
---|---|---
4% | ReversingLabs | Win32.Malware.Snackarcin
9% | Virustotal |

Detection | Scanner | Label
---|---|---
0% | ReversingLabs |
0% | Virustotal |

Detection | Scanner | Label
---|---|---
0% | Virustotal |

Detection | Scanner | Label | Count
---|---|---|---
0% | URL Reputation | safe | 13
0% | Avira URL Cloud | safe | 6
0% | Virustotal | | 3
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
contentworldinc.com | 104.26.5.9 | true | false | | unknown
www.google.com | 142.250.217.164 | true | false | | high
Malicious | Antivirus Detection | Reputation | Count
---|---|---|---
false | | high | 6
false | | unknown | 1
Malicious | Antivirus Detection | Reputation | Count
---|---|---|---
false | | unknown | 13
false | | high | 1
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
142.250.217.164 | www.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
104.26.5.9 | contentworldinc.com | United States | 13335 | CLOUDFLARENETUS | false
IP |
---|
192.168.2.4 |
127.0.0.1 |
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1432286
Start date and time: 2024-04-26 19:26:11 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 7s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: File-11F_385347.exe
Detection: SUS
Classification: sus36.winEXE@15/3@3/5
EGA Information:
HCA Information: Failed
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 72.21.81.240, 192.229.211.108, 142.250.217.195, 142.251.107.84, 142.250.189.142, 34.104.35.123
- Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
Match | Detection | Threat Name
---|---|---
239.255.255.250 | malicious | Unknown
239.255.255.250 | malicious | Unknown
239.255.255.250 | malicious | MicroClip
239.255.255.250 | malicious | Unknown
239.255.255.250 | malicious | Captcha Phish
239.255.255.250 | malicious | HTMLPhisher
239.255.255.250 | malicious | HTMLPhisher
239.255.255.250 | malicious | Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT
239.255.255.250 | malicious | Unknown
239.255.255.250 | malicious | Captcha Phish

Match | Detection | Threat Name
---|---|---
CLOUDFLARENETUS | malicious | Unknown
CLOUDFLARENETUS | malicious | Unknown
CLOUDFLARENETUS | malicious | Unknown
CLOUDFLARENETUS | malicious | HTMLPhisher
CLOUDFLARENETUS | malicious | Unknown
CLOUDFLARENETUS | malicious | Unknown
CLOUDFLARENETUS | malicious | Unknown
CLOUDFLARENETUS | malicious | HTMLPhisher
CLOUDFLARENETUS | malicious | AgentTesla, PureLog Stealer
CLOUDFLARENETUS | malicious | HTMLPhisher

Match | Detection | Threat Name
---|---|---
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown
28a2c9bd18a11de089ef85a160da29e4 | malicious | MicroClip
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown
28a2c9bd18a11de089ef85a160da29e4 | malicious | Captcha Phish
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher
28a2c9bd18a11de089ef85a160da29e4 | malicious | Mars Stealer, PureLog Stealer, RedLine, SectopRAT, Stealc, Vidar, zgRAT
28a2c9bd18a11de089ef85a160da29e4 | malicious | Unknown
28a2c9bd18a11de089ef85a160da29e4 | malicious | Captcha Phish
28a2c9bd18a11de089ef85a160da29e4 | malicious | HTMLPhisher
74954a0c86284d0d6e1c4efefe92b521 | malicious | Unknown
74954a0c86284d0d6e1c4efefe92b521 | malicious | Unknown
74954a0c86284d0d6e1c4efefe92b521 | malicious | Unknown
74954a0c86284d0d6e1c4efefe92b521 | malicious | Python Stealer
74954a0c86284d0d6e1c4efefe92b521 | malicious | Unknown
74954a0c86284d0d6e1c4efefe92b521 | malicious | Unknown
74954a0c86284d0d6e1c4efefe92b521 | malicious | Unknown
74954a0c86284d0d6e1c4efefe92b521 | malicious | Bazar Loader, Qbot
74954a0c86284d0d6e1c4efefe92b521 | malicious | Python Stealer, Creal Stealer
74954a0c86284d0d6e1c4efefe92b521 | malicious | PureLog Stealer, RedLine, zgRAT
Process: C:\Users\user\Desktop\File-11F_385347.exe
File Type:
Category: dropped
Size (bytes): 16392237
Entropy (8bit): 7.99861209953994
Encrypted: true
SSDEEP: 393216:gE8nxnfUcXAbCaUQawechoJTIhxlpJYBAe:gvfAb2QnexshxlpKBp
MD5: 08A6FBB57D5B456414B71B260F749C9E
SHA1: 4F9ED2014C8E01C07ED922681A7D3A666CA0940D
SHA-256: 37037553E81DE20E2D0869388D4AAEEEC8D807EA0447DC4C822FE9C4A6FADA1F
SHA-512: 4AA932E363E1C42964CC887A723C10AB78F6D8CFBB5676B567525D57534FF4F3E4D14BA0263EA37BB2E32F1E4B8AF1E59C1B75626396F2DC705F77F13D4B8524
Malicious: false
Antivirus:
Reputation: low

Process: C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:
Category: downloaded
Size (bytes): 750
Entropy (8bit): 5.113927133166416
Encrypted: false
SSDEEP: 12:uB3B0FZyBmTp73OerBHslriFTAYsSw7sZAnIIIIIII5wuCPXIwuGHHHHHHHYZw4w:O+IBmt7eMBHslgT9lCuABuoB7HHHHHHp
MD5: FAD0A0F879371633AAC0778F553F96D8
SHA1: 2F29A3F84142CAB6A544ADCC4AD9BFB9327924AF
SHA-256: 39ABB2F7967F9BF2B7C5E2071C5AC3AE20E8B0E9D87D333DE5E2C94AB6DE386D
SHA-512: D4F79DC3E2BC7BB4DCC3524384AE50AAF4628EAD9A09ED576FE803421D13C92017E1C3CB445F7C5C4F6D82E3B2BA029C47C44991D143FC1980DD77E32EBBD68B
Malicious: false
Reputation: low
URL: https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
File type:
Entropy (8bit): 7.686122497274493
TrID:
File name: File-11F_385347.exe
File size: 23'731'296 bytes
MD5: 08ea1813d6b205c446e6ae655c4e6715
SHA1: 76f4d2af1c04ec157fc8a270da5980ee6bcb5def
SHA256: 12288224d26607b30d026a32faf2ac7b49fc32acc8950eeaf60b933f2e39f48f
SHA512: a900bd2c4f33dc915fa27911620fafad76139da7c3d58ce3f40b7c2a1dcb11e893dc5b0cde7a74f93d6f1f5dc2ff949141b20f9c7d09a8bc3b9517f861c361e1
SSDEEP: 393216:m8bMktzgHgxUv/1n6b121UnyuecRZndSk9bGWqCgu5op+wiCYCr2sfqisfU:m8bMkM1n6b121UnyuLEkTqA5a+Nc2sf6
TLSH: A737AEC99266F984E3E108B1161973D04A5319353B25CAE97F8317DE173818AFEB0F7A
File Content Preview: MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......W..s... ... ... 4$. ... ..' ... ..! ... ..7 ... 4$. ... ... 9.. ..0 ... ..> ... ..& ... .. ... ..% ... Rich... ...............
Icon Hash: b8868baba9aba2d8
Entrypoint: 0xa1bbf0
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp: 0x6622A3B2 [Fri Apr 19 17:02:42 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 54fd1bf9eef8b65eee1ffc42a5a83e2c
Signature Valid: true
Signature Issuer: CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
Signature Validation Error: The operation completed successfully
Error Number: 0
Not Before, Not After:
Subject Chain:
Version: 3
Thumbprint MD5: 9F6024222A122AF737C6E696FF357C9E
Thumbprint SHA-1: F08E233859A8F79ADD05BA4A96FF5FFB1FD28057
Thumbprint SHA-256: CFB460E5E314F4E6D78210E59B1A00C578395DDEB11CB7EBF5C9671C6C84A189
Serial: 00F14C5E6AB968284264F1B070B99D3C70
Instruction |
---|
call 00007FD148E7492Bh |
jmp 00007FD148E74343h |
jmp dword ptr [00AB14D0h] |
push 00A6DE50h |
push dword ptr fs:[00000000h] |
mov eax, dword ptr [esp+10h] |
mov dword ptr [esp+10h], ebp |
lea ebp, dword ptr [esp+10h] |
sub esp, eax |
push ebx |
push esi |
push edi |
mov eax, dword ptr [00AF7064h] |
xor dword ptr [ebp-04h], eax |
xor eax, ebp |
push eax |
mov dword ptr [ebp-18h], esp |
push dword ptr [ebp-08h] |
mov eax, dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFEh |
mov dword ptr [ebp-08h], eax |
lea eax, dword ptr [ebp-10h] |
mov dword ptr fs:[00000000h], eax |
ret |
mov ecx, dword ptr [ebp-10h] |
mov dword ptr fs:[00000000h], ecx |
pop ecx |
pop edi |
pop edi |
pop esi |
pop ebx |
mov esp, ebp |
pop ebp |
push ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007FD1488DEFDCh |
mov dword ptr [esi], 00ACCCECh |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 00ACCCF4h |
mov dword ptr [ecx], 00ACCCECh |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007FD1488DEFA9h |
mov dword ptr [esi], 00ACCD08h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 0000CD10h |
Programming Language:
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6f4e14 | 0xdc | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x702000 | 0x2488 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x169f2b0 | 0x29b0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x705000 | 0x182e0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x6e8910 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x6e898c | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x6e8930 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x6b1000 | 0x4d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6afd5d | 0x6afe00 | 22d2826d0587699dec9f84a9a9d09eda | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x6b1000 | 0x456fe | 0x45800 | d88947d434aa42f6bbdffcb54a83f787 | False | 0.411585965602518 | data | 5.608402342408538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x6f7000 | 0x8a88 | 0x3600 | ba799200c79b6fd5e2db1b4354347f21 | False | 0.2107204861111111 | data | 4.535916250793366 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.gfids | 0x700000 | 0xa7c | 0xc00 | fdcf7d44757eb126dce8adc72d08e7a6 | False | 0.3567708333333333 | Spectrum .TAP data "\012 " - BASIC program | 3.2645031321793825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x701000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x702000 | 0x2488 | 0x2600 | dba559e0141e4cc974f425e80325c6e2 | False | 0.31219161184210525 | data | 3.7691741292226077 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x705000 | 0x182e0 | 0x18400 | 3dafa41774725e077f3cd68ed02697aa | False | 0.6071701836340206 | data | 6.579199318519773 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x702820 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.16532258064516128 |
RT_ICON | 0x702b08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.32094594594594594 |
RT_DIALOG | 0x7031a8 | 0x1fc | data | English | United States | 0.4704724409448819 |
RT_DIALOG | 0x702c58 | 0x12e | data | English | United States | 0.6225165562913907 |
RT_DIALOG | 0x702d88 | 0x2f4 | data | English | United States | 0.48148148148148145 |
RT_DIALOG | 0x703080 | 0x126 | data | English | United States | 0.5850340136054422 |
RT_STRING | 0x703a08 | 0x3e | Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0 | English | United States | 0.6774193548387096 |
RT_STRING | 0x7039c0 | 0x42 | data | English | United States | 0.7121212121212122 |
RT_STRING | 0x703a48 | 0x60 | data | English | United States | 0.5625 |
RT_STRING | 0x704458 | 0x30 | data | English | United States | 0.5833333333333334 |
RT_STRING | 0x703aa8 | 0x208 | Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0 | English | United States | 0.4269230769230769 |
RT_STRING | 0x703cb0 | 0xe2 | Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0 | English | United States | 0.43805309734513276 |
RT_STRING | 0x703d98 | 0x34 | data | English | United States | 0.6538461538461539 |
RT_STRING | 0x703dd0 | 0x30 | data | English | United States | 0.6041666666666666 |
RT_STRING | 0x703e00 | 0x6e | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | English | United States | 0.6818181818181818 |
RT_STRING | 0x703e70 | 0x11a | data | English | United States | 0.5035460992907801 |
RT_STRING | 0x703f90 | 0x6a | data | English | United States | 0.5471698113207547 |
RT_STRING | 0x703988 | 0x32 | data | English | United States | 0.58 |
RT_STRING | 0x704000 | 0x1ea | data | English | United States | 0.363265306122449 |
RT_STRING | 0x7041f0 | 0x156 | Matlab v4 mat-file (little endian) U, numeric, rows 0, columns 0 | English | United States | 0.5175438596491229 |
RT_STRING | 0x704348 | 0x56 | data | English | United States | 0.6162790697674418 |
RT_STRING | 0x7043a0 | 0xb6 | data | English | United States | 0.5164835164835165 |
RT_GROUP_ICON | 0x702c30 | 0x22 | data | English | United States | 1.0 |
RT_VERSION | 0x702550 | 0x2d0 | data | English | United States | 0.44166666666666665 |
RT_MANIFEST | 0x7033a8 | 0x5de | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.46604527296937415 |
DLL | Import |
---|---|
KERNEL32.dll | GetCurrentThread, InitializeCriticalSectionAndSpinCount, GetDateFormatW, SleepEx, DeleteTimerQueueTimer, GetModuleHandleA, GetModuleHandleExW, GetCurrentProcessId, FileTimeToSystemTime, GetVersionExW, GetModuleHandleW, SetFileTime, ReadFile, VirtualProtect, SetFileAttributesW, GlobalMemoryStatus, LocalFree, GetFileAttributesExW, lstrcatA, GetConsoleMode, CreateThread, GetEnvironmentVariableA, LoadLibraryExW, CompareFileTime, EnterCriticalSection, GetCPInfo, CreateEventW, CompareStringW, TlsAlloc, GetTimeZoneInformation, GetSystemDirectoryW, ReadConsoleW, UnregisterWait, DeleteCriticalSection, GetFileType, GetCommandLineW, GetUserDefaultLCID, GetStartupInfoW, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapSize, UnhandledExceptionFilter, WriteConsoleW, WriteFile, RtlUnwind, CreateDirectoryW, GlobalFree, GetSystemTimeAsFileTime, RaiseException, QueryPerformanceCounter, SetFilePointerEx, WaitForMultipleObjects, GetFileSizeEx, UnregisterWaitEx, GetThreadPriority, GetFullPathNameW, FindClose, DeleteFileW, QueryDepthSList, RemoveDirectoryW, GetProcessHeap, TryEnterCriticalSection, MultiByteToWideChar, FreeEnvironmentStringsW, GetACP, WaitForSingleObjectEx, GetFileAttributesW, TerminateProcess, EncodePointer, GetEnvironmentStringsW, VerifyVersionInfoW, DecodePointer, SystemTimeToTzSpecificLocalTime, SetEvent, GetThreadTimes, GetCommandLineA, FormatMessageW, GetLastError, GlobalAlloc, VerSetConditionMask, ReleaseSemaphore, LeaveCriticalSection, DuplicateHandle, InitializeCriticalSection, LoadLibraryW, ExitProcess, GetProcessAffinityMask, InitializeSListHead, GetVersion, GetProcAddress, HeapFree, GetCurrentDirectoryW, GetSystemInfo, SetEnvironmentVariableW, RegisterWaitForSingleObject, FlushFileBuffers, PeekNamedPipe, FreeLibraryAndExitThread, GetTimeFormatW, SetLastError, HeapReAlloc, FindFirstFileExW, Sleep, LCMapStringW, FreeLibrary, SignalObjectAndWait, SetEndOfFile, GetCurrentProcess, CreateFileW, EnumSystemLocalesW, GetDriveTypeW, QueryPerformanceFrequency, InterlockedPopEntrySList, SetThreadPriority, CreateTimerQueueTimer, VirtualAlloc, SetThreadAffinityMask, GetCurrentThreadId, GetStringTypeW, GetLocaleInfoW, SetFilePointer, WideCharToMultiByte, ResetEvent, GetLogicalProcessorInformation, GetNumaHighestNodeNumber, GlobalUnlock, MoveFileExW, IsValidCodePage, AcquireSRWLockExclusive, InterlockedFlushSList, GetConsoleOutputCP, IsValidLocale, CloseHandle, InterlockedPushEntrySList, GetOEMCP, VirtualFree, GetTickCount64, CreateSemaphoreW, CreateTimerQueue, InitializeCriticalSectionEx, SetPriorityClass, ChangeTimerQueueTimer, lstrlenA, TlsSetValue, IsProcessorFeaturePresent, GetFileInformationByHandle, FindNextFileW, GetFileSize, MoveFileW, GlobalLock, FileTimeToLocalFileTime, GetLogicalDriveStringsW, FindFirstFileW, TlsGetValue, WaitForSingleObject, HeapAlloc, GetTickCount, GetStdHandle, ExitThread, SetStdHandle, ReleaseSRWLockExclusive, TlsFree, GetModuleFileNameW, SwitchToThread |
USER32.dll | KillTimer, GetWindowRect, IsDlgButtonChecked, SetTimer, MapDialogRect, CheckDlgButton, GetWindowTextLengthW, LoadCursorW, SystemParametersInfoW, SetDlgItemTextW, GetWindowTextW, GetWindowLongW, OpenClipboard, CloseClipboard, MessageBoxA, MonitorFromWindow, EmptyClipboard, GetParent, SetClipboardData, SetFocus, PostMessageW, GetDlgItem, LoadIconW, CharUpperW, LoadStringW, GetKeyState, SetWindowLongW, DialogBoxParamW, ScreenToClient, InvalidateRect, MessageBoxW, EnableWindow, EndDialog, SetWindowTextW, SetCursor, GetFocus, wsprintfA, SendMessageW, GetMonitorInfoA, MoveWindow, ShowWindow |
ADVAPI32.dll | CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CloseServiceHandle, CryptImportKey, CryptDestroyKey, CryptReleaseContext, CryptDestroyHash, CryptEncrypt |
SHELL32.dll | SHGetPathFromIDListW, SHGetFileInfoW, SHGetSpecialFolderPathW, SHBrowseForFolderW |
ole32.dll | OleInitialize, CoUninitialize, CoCreateInstance, CoTaskMemFree, CoInitialize |
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear, SysAllocStringLen, SysStringLen |
bcrypt.dll | BCryptGenRandom |
CRYPT32.dll | CertAddCertificateContextToStore, CryptDecodeObjectEx, CertOpenStore, CryptStringToBinaryW, CertFindCertificateInStore, CertCreateCertificateChainEngine, CertFreeCertificateChainEngine, CertGetCertificateChain, CertFreeCertificateContext, PFXImportCertStore, CertFreeCertificateChain, CertCloseStore, CertEnumCertificatesInStore, CertGetNameStringW, CryptQueryObject, CertFindExtension |
WLDAP32.dll | |
WS2_32.dll | recvfrom, sendto, getpeername, ioctlsocket, gethostname, WSAWaitForMultipleEvents, getaddrinfo, getsockopt, send, WSAResetEvent, WSAEnumNetworkEvents, WSACreateEvent, socket, WSAEventSelect, WSAIoctl, closesocket, WSAGetLastError, ntohs, WSASetLastError, WSAStartup, WSACleanup, htons, setsockopt, WSACloseEvent, __WSAFDIsSet, select, accept, bind, connect, getsockname, htonl, listen, recv, freeaddrinfo |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 19:26:59.538575888 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Apr 26, 2024 19:27:05.793345928 CEST | 49735 | 443 | 192.168.2.4 | 104.26.5.9 |
Apr 26, 2024 19:27:05.793375969 CEST | 443 | 49735 | 104.26.5.9 | 192.168.2.4 |
Apr 26, 2024 19:27:05.793440104 CEST | 49735 | 443 | 192.168.2.4 | 104.26.5.9 |
Apr 26, 2024 19:27:05.806127071 CEST | 49735 | 443 | 192.168.2.4 | 104.26.5.9 |
Apr 26, 2024 19:27:05.806143999 CEST | 443 | 49735 | 104.26.5.9 | 192.168.2.4 |
Apr 26, 2024 19:27:06.074327946 CEST | 443 | 49735 | 104.26.5.9 | 192.168.2.4 |
Apr 26, 2024 19:27:06.074428082 CEST | 49735 | 443 | 192.168.2.4 | 104.26.5.9 |
Apr 26, 2024 19:27:06.078320026 CEST | 49735 | 443 | 192.168.2.4 | 104.26.5.9 |
Apr 26, 2024 19:27:06.078334093 CEST | 443 | 49735 | 104.26.5.9 | 192.168.2.4 |
Apr 26, 2024 19:27:06.078635931 CEST | 443 | 49735 | 104.26.5.9 | 192.168.2.4 |
Apr 26, 2024 19:27:06.083605051 CEST | 49735 | 443 | 192.168.2.4 | 104.26.5.9 |
Apr 26, 2024 19:27:06.124129057 CEST | 443 | 49735 | 104.26.5.9 | 192.168.2.4 |
Apr 26, 2024 19:27:06.477555037 CEST | 443 | 49735 | 104.26.5.9 | 192.168.2.4 |
Apr 26, 2024 19:27:06.477665901 CEST | 443 | 49735 | 104.26.5.9 | 192.168.2.4 |
Apr 26, 2024 19:27:06.477777004 CEST | 49735 | 443 | 192.168.2.4 | 104.26.5.9 |
Apr 26, 2024 19:27:06.496902943 CEST | 49735 | 443 | 192.168.2.4 | 104.26.5.9 |
Apr 26, 2024 19:27:06.496939898 CEST | 443 | 49735 | 104.26.5.9 | 192.168.2.4 |
Apr 26, 2024 19:27:09.148166895 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Apr 26, 2024 19:27:23.294423103 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:23.294461966 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:23.294543028 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:23.296345949 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:23.296358109 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:23.931346893 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:23.931443930 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:23.936835051 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:23.936851025 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:23.937268972 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:23.991633892 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:26.417726994 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:26.459108114 CEST | 49723 | 80 | 192.168.2.4 | 23.45.182.93 |
Apr 26, 2024 19:27:26.460119963 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.584160089 CEST | 80 | 49723 | 23.45.182.93 | 192.168.2.4 |
Apr 26, 2024 19:27:26.584296942 CEST | 49723 | 80 | 192.168.2.4 | 23.45.182.93 |
Apr 26, 2024 19:27:26.824908972 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.824995041 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.825017929 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.825035095 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.825073957 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.825092077 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.825112104 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:26.825146914 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.825167894 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:26.825197935 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:26.825495958 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.825558901 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:26.825567961 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.825696945 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.829905033 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:26.901432991 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:26.901465893 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:26.901484013 CEST | 49736 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:27:26.901489973 CEST | 443 | 49736 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:27:37.768564939 CEST | 80 | 49724 | 208.111.136.0 | 192.168.2.4 |
Apr 26, 2024 19:27:37.768709898 CEST | 49724 | 80 | 192.168.2.4 | 208.111.136.0 |
Apr 26, 2024 19:27:37.768810987 CEST | 49724 | 80 | 192.168.2.4 | 208.111.136.0 |
Apr 26, 2024 19:27:37.895354033 CEST | 80 | 49724 | 208.111.136.0 | 192.168.2.4 |
Apr 26, 2024 19:27:47.238781929 CEST | 49731 | 80 | 192.168.2.4 | 172.64.149.23 |
Apr 26, 2024 19:27:47.238828897 CEST | 49732 | 80 | 192.168.2.4 | 104.18.38.233 |
Apr 26, 2024 19:27:47.238869905 CEST | 49730 | 80 | 192.168.2.4 | 104.18.38.233 |
Apr 26, 2024 19:27:47.363337994 CEST | 80 | 49732 | 104.18.38.233 | 192.168.2.4 |
Apr 26, 2024 19:27:47.363456964 CEST | 49732 | 80 | 192.168.2.4 | 104.18.38.233 |
Apr 26, 2024 19:27:47.363826990 CEST | 80 | 49731 | 172.64.149.23 | 192.168.2.4 |
Apr 26, 2024 19:27:47.363892078 CEST | 49731 | 80 | 192.168.2.4 | 172.64.149.23 |
Apr 26, 2024 19:27:47.364345074 CEST | 80 | 49730 | 104.18.38.233 | 192.168.2.4 |
Apr 26, 2024 19:27:47.364393950 CEST | 49730 | 80 | 192.168.2.4 | 104.18.38.233 |
Apr 26, 2024 19:28:04.999218941 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:04.999250889 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:04.999315023 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:04.999722004 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:04.999737024 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:05.612243891 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:05.612327099 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:05.616559982 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:05.616573095 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:05.616796970 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:05.625123024 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:05.668133020 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.215008974 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.215063095 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.215105057 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.215140104 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:06.215167046 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.215204954 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:06.215233088 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:06.215323925 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.215362072 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.215440035 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:06.215446949 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.215513945 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:06.215521097 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.215610027 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:06.223395109 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:06.223395109 CEST | 49741 | 443 | 192.168.2.4 | 20.114.59.183 |
Apr 26, 2024 19:28:06.223414898 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:06.223424911 CEST | 443 | 49741 | 20.114.59.183 | 192.168.2.4 |
Apr 26, 2024 19:28:48.423017979 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.423098087 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.423193932 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.423219919 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.423238993 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.423552990 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.423579931 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.423593044 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.423937082 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.423963070 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.466087103 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.466105938 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.466171980 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.466412067 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.466428041 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.513073921 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.513118982 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.513463974 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.513885975 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.513916016 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.818263054 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.818614960 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.818631887 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.819684982 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.819786072 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.821146011 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.821249962 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.821427107 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.853456020 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.853727102 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.853739023 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.854768038 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.854827881 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.855823040 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.855887890 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.856198072 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.856206894 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.866661072 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.866679907 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.905495882 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.910548925 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.910581112 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.911722898 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.911794901 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.913820028 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.929441929 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.944864988 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.944977045 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.946069002 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:48.946084023 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:48.991936922 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:49.222712040 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.222754955 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.222810030 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:49.222822905 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.225841045 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.225895882 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:49.539467096 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.539525032 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:49.539539099 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.540915012 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.540957928 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:49.556018114 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.556088924 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:49.556106091 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.559663057 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.559708118 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:49.775712013 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:49.824795961 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.605576038 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.605629921 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:50.607034922 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:50.607100964 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.607907057 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.607978106 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:50.619592905 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.619611979 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:50.623333931 CEST | 49747 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.623351097 CEST | 443 | 49747 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:50.714802980 CEST | 49748 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.714813948 CEST | 443 | 49748 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:50.716296911 CEST | 49746 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.716305971 CEST | 443 | 49746 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:50.718765974 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.718795061 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:50.718847990 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.719261885 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:50.719276905 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:50.725224972 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.046986103 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.047775984 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.047791004 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.048261881 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.048593044 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.048672915 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.048676014 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.096133947 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.101496935 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.101573944 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.101612091 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.101655960 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.101713896 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.102775097 CEST | 49745 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.102809906 CEST | 443 | 49745 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.104758024 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.104784012 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.104835033 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.105074883 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.105093956 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.105752945 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.402848005 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.402972937 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.403043032 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.403055906 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.403285980 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.403381109 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.404496908 CEST | 49749 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.404515982 CEST | 443 | 49749 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.435236931 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.435486078 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.435503960 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.435834885 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.436157942 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.436223984 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.436323881 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.484112024 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.763351917 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.763386965 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.763411045 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.763443947 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.763463974 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.763520002 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.763638020 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.763695002 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:51.763777971 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.765655041 CEST | 49753 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:51.765667915 CEST | 443 | 49753 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:52.481137037 CEST | 49754 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:52.481185913 CEST | 443 | 49754 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:52.481271029 CEST | 49754 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:52.481507063 CEST | 49754 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:52.481513023 CEST | 443 | 49754 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:52.874917030 CEST | 443 | 49754 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:52.875257969 CEST | 49754 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:52.875274897 CEST | 443 | 49754 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:52.875729084 CEST | 443 | 49754 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:52.876077890 CEST | 49754 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:52.876172066 CEST | 443 | 49754 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:28:52.927851915 CEST | 49754 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:28:55.285180092 CEST | 49756 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.285265923 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.285340071 CEST | 49756 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.286478996 CEST | 49756 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.286513090 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.545401096 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.545512915 CEST | 49756 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.547245979 CEST | 49756 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.547266960 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.547549009 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.586390018 CEST | 49756 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.628133059 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.790136099 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.790199041 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.790266991 CEST | 49756 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.790402889 CEST | 49756 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.790422916 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.790435076 CEST | 49756 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.790441036 CEST | 443 | 49756 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.824489117 CEST | 49757 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.824516058 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:55.824605942 CEST | 49757 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.825079918 CEST | 49757 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:55.825092077 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:56.078519106 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:56.078710079 CEST | 49757 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:56.079960108 CEST | 49757 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:56.079979897 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:56.080214977 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:56.081557989 CEST | 49757 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:56.128113031 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:56.327789068 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:56.328382015 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:56.328464985 CEST | 49757 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:56.328731060 CEST | 49757 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:56.328731060 CEST | 49757 | 443 | 192.168.2.4 | 23.204.76.112 |
Apr 26, 2024 19:28:56.328752995 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:28:56.328761101 CEST | 443 | 49757 | 23.204.76.112 | 192.168.2.4 |
Apr 26, 2024 19:29:02.873841047 CEST | 443 | 49754 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:29:02.874026060 CEST | 443 | 49754 | 142.250.217.164 | 192.168.2.4 |
Apr 26, 2024 19:29:02.874095917 CEST | 49754 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:29:03.387440920 CEST | 49754 | 443 | 192.168.2.4 | 142.250.217.164 |
Apr 26, 2024 19:29:03.387495041 CEST | 443 | 49754 | 142.250.217.164 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 19:27:05.660631895 CEST | 52504 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 26, 2024 19:27:05.787477016 CEST | 53 | 52504 | 1.1.1.1 | 192.168.2.4 |
Apr 26, 2024 19:27:25.821840048 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Apr 26, 2024 19:28:48.014345884 CEST | 53 | 61744 | 1.1.1.1 | 192.168.2.4 |
Apr 26, 2024 19:28:48.291964054 CEST | 55201 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 26, 2024 19:28:48.292228937 CEST | 56612 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 26, 2024 19:28:48.329982042 CEST | 53 | 51753 | 1.1.1.1 | 192.168.2.4 |
Apr 26, 2024 19:28:48.417093992 CEST | 53 | 56612 | 1.1.1.1 | 192.168.2.4 |
Apr 26, 2024 19:28:48.417182922 CEST | 53 | 55201 | 1.1.1.1 | 192.168.2.4 |
Apr 26, 2024 19:28:50.835720062 CEST | 53 | 63155 | 1.1.1.1 | 192.168.2.4 |
Apr 26, 2024 19:29:09.445820093 CEST | 53 | 64723 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 19:27:05.660631895 CEST | 192.168.2.4 | 1.1.1.1 | 0x3000 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 26, 2024 19:28:48.291964054 CEST | 192.168.2.4 | 1.1.1.1 | 0x2a2a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 26, 2024 19:28:48.292228937 CEST | 192.168.2.4 | 1.1.1.1 | 0xa48 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 19:27:05.787477016 CEST | 1.1.1.1 | 192.168.2.4 | 0x3000 | No error (0) | 104.26.5.9 | A (IP address) | IN (0x0001) | false | ||
Apr 26, 2024 19:27:05.787477016 CEST | 1.1.1.1 | 192.168.2.4 | 0x3000 | No error (0) | 104.26.4.9 | A (IP address) | IN (0x0001) | false | ||
Apr 26, 2024 19:27:05.787477016 CEST | 1.1.1.1 | 192.168.2.4 | 0x3000 | No error (0) | 172.67.71.130 | A (IP address) | IN (0x0001) | false | ||
Apr 26, 2024 19:28:48.417093992 CEST | 1.1.1.1 | 192.168.2.4 | 0xa48 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 26, 2024 19:28:48.417182922 CEST | 1.1.1.1 | 192.168.2.4 | 0x2a2a | No error (0) | 142.250.217.164 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49735 | 104.26.5.9 | 443 | 6404 | C:\Users\user\Desktop\File-11F_385347.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:27:06 UTC | 179 | OUT | |
2024-04-26 17:27:06 UTC | 550 | IN | |
2024-04-26 17:27:06 UTC | 38 | IN | |
2024-04-26 17:27:06 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49736 | 20.114.59.183 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:27:26 UTC | 306 | OUT | |
2024-04-26 17:27:26 UTC | 560 | IN | |
2024-04-26 17:27:26 UTC | 15824 | IN | |
2024-04-26 17:27:26 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49741 | 20.114.59.183 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:28:05 UTC | 306 | OUT | |
2024-04-26 17:28:06 UTC | 560 | IN | |
2024-04-26 17:28:06 UTC | 15824 | IN | |
2024-04-26 17:28:06 UTC | 9633 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49746 | 142.250.217.164 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:28:48 UTC | 607 | OUT | |
2024-04-26 17:28:49 UTC | 1703 | IN | |
2024-04-26 17:28:49 UTC | 757 | IN | |
2024-04-26 17:28:49 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49747 | 142.250.217.164 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:28:48 UTC | 353 | OUT | |
2024-04-26 17:28:49 UTC | 1816 | IN | |
2024-04-26 17:28:49 UTC | 427 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49748 | 142.250.217.164 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:28:48 UTC | 510 | OUT | |
2024-04-26 17:28:49 UTC | 1843 | IN | |
2024-04-26 17:28:49 UTC | 458 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49745 | 142.250.217.164 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:28:50 UTC | 353 | OUT | |
2024-04-26 17:28:51 UTC | 1760 | IN | |
2024-04-26 17:28:51 UTC | 417 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49749 | 142.250.217.164 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:28:51 UTC | 912 | OUT | |
2024-04-26 17:28:51 UTC | 356 | IN | |
2024-04-26 17:28:51 UTC | 899 | IN | |
2024-04-26 17:28:51 UTC | 1255 | IN | |
2024-04-26 17:28:51 UTC | 1032 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49753 | 142.250.217.164 | 443 | 5304 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:28:51 UTC | 738 | OUT | |
2024-04-26 17:28:51 UTC | 356 | IN | |
2024-04-26 17:28:51 UTC | 899 | IN | |
2024-04-26 17:28:51 UTC | 1255 | IN | |
2024-04-26 17:28:51 UTC | 960 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49756 | 23.204.76.112 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:28:55 UTC | 161 | OUT | |
2024-04-26 17:28:55 UTC | 466 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49757 | 23.204.76.112 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 17:28:56 UTC | 239 | OUT | |
2024-04-26 17:28:56 UTC | 530 | IN | |
2024-04-26 17:28:56 UTC | 55 | IN | |
Target ID: | 0 |
Start time: | 19:27:04 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\File-11F_385347.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xab0000 |
File size: | 23'731'296 bytes |
MD5 hash: | 08EA1813D6B205C446E6AE655C4E6715 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 19:28:46 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 8 |
Start time: | 19:28:46 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x600000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 14.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 6.2% |
Total number of Nodes: | 322 |
Total number of Limit Nodes: | 6 |
Callgraph
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
0112216D | 4.5 | 3 | | 30 | thread, COMMON | -1.00% |
01126705 | 4.5 | 3 | | 15 | COMMON | -1.00% |
011220B8 | 3.0 | 2 | | 38 | thread, COMMON | -1.00% |
0112A3A6 | 3.0 | 2 | | 22 | memory, COMMON, LIBRARYCODE | -1.00% |
011348DF | 2.6 | 2 | | 125 | COMMON | -1.00% |
0112967F | 1.5 | 1 | | 39 | memory, COMMON, LIBRARYCODE | -1.00% |
011223FD | 4.6 | 3 | | 77 | COMMON | -1.00% |
00AB1380 | .1 | | | 78 | COMMON | -1.00% |
011354F8 | .0 | | | 29 | COMMON | -1.00% |
0113553C | .0 | | | 22 | COMMON | -1.00% |
01126779 | .0 | | | 12 | COMMON | -1.00% |
0112679B | 8.8 | 3 | 2 | 42 | libraryloader, COMMON | -1.00% |