Edit tour
Windows
Analysis Report
IDProtect Manager.exe
Overview
General Information
| Sample name: | IDProtect Manager.exe |
| Analysis ID: | 1432382 |
| MD5: | 1c9346769dc9ada9f73b7269170ad1b7 |
| SHA1: | fa91f3c98128408afa678e2e178ccade48af04f7 |
| SHA256: | 38728ac836784cd661dffdb6f169ab7a45d0816dfba3372ec601d57392b9dab1 |
| Infos: | |
 | |
Detection
| Score: | 2 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 60% |
Signatures
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE / OLE file has an invalid certificate
Stores files to the Windows start menu directory
Uses 32bit PE files
Classification
Analysis Advice
| Sample has a GUI, but Joe Sandbox has not found any clickable buttons, likely more UI automation may extend behavior |
| Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
- System is w10x64_ra
IDProtect Manager.exe (PID: 7044 cmdline: "C:\Users\ user\Deskt op\IDProte ct Manager .exe" MD5: 1C9346769DC9ADA9F73B7269170AD1B7)
chrome.exe (PID: 7160 cmdline: "C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6360 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2140 --fi eld-trial- handle=196 0,i,446565 2620104932 970,159681 5676281828 7997,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
rundll32.exe (PID: 7468 cmdline: C:\Windows \System32\ rundll32.e xe C:\Wind ows\System 32\shell32 .dll,SHCre ateLocalSe rverRunDll {9aa46009 -3ce0-458a -a354-7156 10a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
- IDProtect Manager.exe (PID: 7648 cmdline:
"C:\Users\ user\Deskt op\IDProte ct Manager .exe" MD5: 1C9346769DC9ADA9F73B7269170AD1B7)
- IDProtect Manager.exe (PID: 7800 cmdline:
"C:\Users\ user\Deskt op\IDProte ct Manager .exe" MD5: 1C9346769DC9ADA9F73B7269170AD1B7)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
There are no malicious signatures, click here to show all signatures.
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | IP Address: | ||
| Source: | JA3 fingerprint: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | LNK file: | ||
| Source: | LNK file: | ||
| Source: | LNK file: | ||
| Source: | LNK file: | ||
| Source: | LNK file: | ||
| Source: | Window found: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.google.com | 142.250.217.196 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 142.250.217.196 | www.google.com | United States | 15169 | GOOGLEUS | false | |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| IP |
|---|
| 192.168.2.16 |
| 192.168.2.4 |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1432382 |
| Start date and time: | 2024-04-26 23:59:24 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 0s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 19 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | IDProtect Manager.exe |
| Detection: | CLEAN |
| Classification: | clean2.winEXE@20/8@2/4 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.165.195, 173.194.212.84, 142.250.217.238, 34.104.35.123, 72.21.81.240, 142.250.80.67, 142.250.80.78
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target IDProtect Manager.exe, PID 7044 because there are no executed function
- Execution Graph export aborted for target IDProtect Manager.exe, PID 7648 because there are no executed function
- Execution Graph export aborted for target IDProtect Manager.exe, PID 7800 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: IDProtect Manager.exe
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 239.255.255.250 | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Chaos, Conti, LockBit ransomware, TrojanRansom | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Latrodectus | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Latrodectus | Browse | |||
| Get hash | malicious | Clipboard Hijacker | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | HTMLPhisher | Browse |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse |
| |
| Get hash | malicious | Chaos, Conti, LockBit ransomware, TrojanRansom | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Latrodectus | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Latrodectus | Browse |
| ||
| Get hash | malicious | Clipboard Hijacker | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
⊘No context
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2673 |
| Entropy (8bit): | 3.9860235414371963 |
| Encrypted: | false |
| SSDEEP: | 48:83dyTea3H0idAKZdA1FehwiZUklqehBy+3:8U/q2y |
| MD5: | A6D93B1B83EE82061832586D4438224E |
| SHA1: | 590EA2A9E62C37EDBD193725F24C4918EC017D4E |
| SHA-256: | 9B4FED35481A3E36F3069DEF1BC0C5FA0B66D5A177AB211C5BC291FD1DFEF013 |
| SHA-512: | 781DB81EFAF41621FFA5C8CD75BB9C4275CB30065B7FD4639B9C55501B85C74D5E0F9B507399E268BC4E3AFDC56F801F0326004C0B7ED968942C9CBFF31EC577 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2675 |
| Entropy (8bit): | 4.003106175129667 |
| Encrypted: | false |
| SSDEEP: | 48:8xdyTea3H0idAKZdA1seh/iZUkAQkqehmy+2:8W/E9QLy |
| MD5: | 545BF3BDF80A29A9C3F7FE6E7322FD81 |
| SHA1: | C9DB752A804426144A1160E5BCB9C831A19509DB |
| SHA-256: | D1BBE13D55895DAE1869FD59AD292B6BF6714A76477251D919F260970968C1DE |
| SHA-512: | 472D87197842E055604AA078EEC317E416BD8B228C7B3DBA8931E5DBB976F903721BC82F96CD27A12BE623433A8ED885B8BE91DCE2D70EFE8FAA3FFD3D9F9E8E |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2689 |
| Entropy (8bit): | 4.009685739800147 |
| Encrypted: | false |
| SSDEEP: | 48:8ZdyTeaAH0idAKZdA14meh7sFiZUkmgqeh7s4y+BX:8u/1nyy |
| MD5: | 9AA0BAE4AEFAA14FFA71C67926DC9102 |
| SHA1: | 0D3DEDED7B60C62EB7199933CF2A69D04ED934BD |
| SHA-256: | 3A4A7B9147178917D532184402D8A0785ADB669E6B258AC84372BCC8B7195753 |
| SHA-512: | 9FEAFA271ED6C599FE9D15833A1DA8F307E40A8EB7B992C1AE7BFC18B5EBACAE36A9FF3276EB52A3757C0C6BD0D81F2C1486C47EE5EE1AF65FCA4313423F733D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2677 |
| Entropy (8bit): | 3.9988284461375825 |
| Encrypted: | false |
| SSDEEP: | 48:8+ldyTea3H0idAKZdA1TehDiZUkwqehKy+R:83/fQy |
| MD5: | 569FEC96552F3E0906BD60F9D39C17CD |
| SHA1: | E8D86A56BFA92F0A6B52D5D87EDEC7AC3FEC83C0 |
| SHA-256: | 067FEE3F1AC07092825F158490D75299430A3EBAB5A7A551AF489967D04F3ED8 |
| SHA-512: | ADAB029AF6E827F3F3893F69FE54173E9C84D37769E130331C8679F5926207A446D20512F91001C123357EF5D9D41C1DEC38A75357CEC75D530D2282C309F104 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2677 |
| Entropy (8bit): | 3.989969531384953 |
| Encrypted: | false |
| SSDEEP: | 48:89dyTea3H0idAKZdA1dehBiZUk1W1qehEy+C:8C//9ky |
| MD5: | 6933DDD979BEDD5E1716D0B818CBCC2D |
| SHA1: | 0B037095623299F2BDAC89E1FB15CD5484A9451B |
| SHA-256: | 5948AC8E36C294B2AE10F48F3D2644A86DD09BF4B5A82FE4498393F1A69F5842 |
| SHA-512: | 86189645E0914360097B62FAC688AA10D24E3D8973B4BF59A16BF31023FAE135629794CBDEE290C5DF5C2DC034DBA7569384642F6F9CBC274A6CEA8184616AF5 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2679 |
| Entropy (8bit): | 4.001041247863082 |
| Encrypted: | false |
| SSDEEP: | 48:8FdyTea3H0idAKZdA1duTeehOuTbbiZUk5OjqehOuTbyy+yT+:86/DTfTbxWOvTbyy7T |
| MD5: | 39A4F9D6085CED87F89DF15F2B7F1551 |
| SHA1: | AD30D76485468C0DEB90F195941D589B39B57A52 |
| SHA-256: | 2FFDD4DF24109F4B2055584276540E6600E113E7E8435739440AC44DA24B2168 |
| SHA-512: | 2B485F8FA3D7C75D55849972700A5E0676BCD073B5A8E0DEF31DE9AFC32563926612A9397537EDD41302EB16D8506AD60DF996C3E9B634950CB61C3179FA8D45 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 3758 |
| Entropy (8bit): | 5.835655281397477 |
| Encrypted: | false |
| SSDEEP: | 96:pxCliyH6666/CfOrhXsxIyL2XBBs8IjknxX6lqJffffffL:pSDH6666/+z2XBi5Yv9 |
| MD5: | 1F736500AC8D93E11DAB8798C6D4920A |
| SHA1: | 2F7BBB62DEA9BF5796F763B3E537B77C5A5BA0DA |
| SHA-256: | 3EAF9EB48A0BADBF081572E7EEFBEFF3711C6AAAE4B3D20D3229CAB769DDB9A6 |
| SHA-512: | A8B9048266B3988F6259D3CAB2BECBC3FBB19B8289507C998CF1FCA5F3DD0BED4BE38E011EB5E9AC13B37C280D3822BFFB447B9690E907FD5DB289E0F85B15E8 |
| Malicious: | false |
| Reputation: | low |
| URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.17647073876802 |
| TrID: |
|
| File name: | IDProtect Manager.exe |
| File size: | 893'008 bytes |
| MD5: | 1c9346769dc9ada9f73b7269170ad1b7 |
| SHA1: | fa91f3c98128408afa678e2e178ccade48af04f7 |
| SHA256: | 38728ac836784cd661dffdb6f169ab7a45d0816dfba3372ec601d57392b9dab1 |
| SHA512: | bdaa5e60e4141b316bc283ee95c75361fd834b49a8a5d9b1b8f32188071a17b85f4dee9e6f7304e918e4f591718f07fd641f0c30837acbc26fee5f02c9781a9c |
| SSDEEP: | 12288:h0cijm/HuJgJemXEpwXFciRG6zaVx2Tq5TMi76aITeKVDMWZrOtvK:ecijm/HuJH0ciJzaV5TMi6vVHZsK |
| TLSH: | D615181132B5C83BF6A23131086A6265F566FC106F25EEC76282BB3E9B361D15E3531F |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FmC...-...-...-.%.P...-.%.@...-.%._...-.%.V...-...,...-../....-../1...-.%.C...-.%.Q...-...-...-.%.U...-.Rich..-................ |
 | |
| Icon Hash: | 7bc4a4ec66f31904 |
| Entrypoint: | 0x454a81 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | |
| Time Stamp: | 0x4BD7F40A [Wed Apr 28 08:38:34 2010 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | d9a0291cbc4e65a605c7d493d0b220d8 |
| Signature Valid: | false |
| Signature Issuer: | CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US |
| Signature Validation Error: | A certificate chain could not be built to a trusted root authority |
| Error Number: | -2146762486 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | CEE46F618A66BACFEC4ABCD1DFB57C23 |
| Thumbprint SHA-1: | 46893033A74433E28B3D58A78C97D322E1379AF4 |
| Thumbprint SHA-256: | 93834C47A10014ED6356685AFD316275AC76F7E19B8FDDD070C95B1264246F36 |
| Serial: | 438192A562899CDCE1489D1C27800049 |
| Instruction |
|---|
| call 00007F6FB929A61Fh |
| jmp 00007F6FB92936FCh |
| push ebp |
| mov ebp, esp |
| push esi |
| mov esi, dword ptr [ebp+14h] |
| push edi |
| xor edi, edi |
| cmp esi, edi |
| jne 00007F6FB92938E6h |
| xor eax, eax |
| jmp 00007F6FB9293947h |
| cmp dword ptr [ebp+08h], edi |
| jne 00007F6FB92938FDh |
| call 00007F6FB92966CCh |
| push 00000016h |
| pop esi |
| mov dword ptr [eax], esi |
| push edi |
| push edi |
| push edi |
| push edi |
| push edi |
| call 00007F6FB9294F5Ah |
| add esp, 14h |
| mov eax, esi |
| jmp 00007F6FB9293927h |
| cmp dword ptr [ebp+10h], edi |
| je 00007F6FB92938F8h |
| cmp dword ptr [ebp+0Ch], esi |
| jc 00007F6FB92938F3h |
| push esi |
| push dword ptr [ebp+10h] |
| push dword ptr [ebp+08h] |
| call 00007F6FB9294AD2h |
| add esp, 0Ch |
| jmp 00007F6FB92938A3h |
| push dword ptr [ebp+0Ch] |
| push edi |
| push dword ptr [ebp+08h] |
| call 00007F6FB9293DE1h |
| add esp, 0Ch |
| cmp dword ptr [ebp+10h], edi |
| je 00007F6FB9293898h |
| cmp dword ptr [ebp+0Ch], esi |
| jnc 00007F6FB92938F0h |
| call 00007F6FB929667Dh |
| push 00000022h |
| pop ecx |
| mov dword ptr [eax], ecx |
| mov esi, ecx |
| jmp 00007F6FB929388Fh |
| push 00000016h |
| pop eax |
| pop edi |
| pop esi |
| pop ebp |
| ret |
| push ecx |
| mov dword ptr [ecx], 00482D0Ch |
| call 00007F6FB929A627h |
| pop ecx |
| ret |
| push esi |
| mov esi, ecx |
| call 00007F6FB92938CFh |
| test byte ptr [esp+08h], 00000001h |
| je 00007F6FB92938E9h |
| push esi |
| call 00007F6FB9272A13h |
| pop ecx |
| mov eax, esi |
| pop esi |
| retn 0004h |
| mov eax, dword ptr [esp+04h] |
| add ecx, 09h |
| push ecx |
| add eax, 09h |
| push eax |
| call 00007F6FB929A674h |
| neg eax |
| pop ecx |
| sbb eax, eax |
| pop ecx |
| inc eax |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9364c | 0x12c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9f000 | 0x3d528 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd9000 | 0x1050 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x7b880 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7b000 | 0x5dc | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x935c4 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x79521 | 0x7a000 | 1dc02e6d4a3a257ecd5b2f2f94ee64c4 | False | 0.5263011494620902 | data | 6.603338464035834 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7b000 | 0x1a64e | 0x1b000 | ee92c2b46fe510ee9ba2a936e5dc5438 | False | 0.31608977141203703 | data | 4.557612420337262 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x96000 | 0x88b8 | 0x5000 | 879945234a642a3327472c4ec168f136 | False | 0.2212890625 | data | 3.6839649411477056 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x9f000 | 0x3d528 | 0x3e000 | a7173d939ea2bedcc454f356abfa71c7 | False | 0.21239053049395162 | data | 5.075671653969763 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0xd6cf8 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805 |
| RT_CURSOR | 0xd6e30 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7 |
| RT_CURSOR | 0xd6f10 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365 |
| RT_CURSOR | 0xd7060 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715 |
| RT_CURSOR | 0xd71b0 | 0x134 | data | English | United States | 0.37337662337662336 |
| RT_CURSOR | 0xd7300 | 0x134 | data | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0xd7450 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
| RT_CURSOR | 0xd75a0 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664 |
| RT_CURSOR | 0xd76f0 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
| RT_CURSOR | 0xd7840 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
| RT_CURSOR | 0xd7990 | 0x134 | data | English | United States | 0.44155844155844154 |
| RT_CURSOR | 0xd7ae0 | 0x134 | data | English | United States | 0.4155844155844156 |
| RT_CURSOR | 0xd7c30 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922 |
| RT_CURSOR | 0xd7d80 | 0x134 | data | English | United States | 0.2662337662337662 |
| RT_CURSOR | 0xd7ed0 | 0x134 | data | English | United States | 0.2824675324675325 |
| RT_CURSOR | 0xd8020 | 0x134 | data | English | United States | 0.3246753246753247 |
| RT_BITMAP | 0xc6878 | 0xa928 | Device independent bitmap graphic, 960 x 90 x 4, image size 43200, 16 important colors | English | United States | 0.00688158137816368 |
| RT_BITMAP | 0xd11a0 | 0x4b8 | Device independent bitmap graphic, 96 x 23 x 4, image size 1104, 16 important colors | English | United States | 0.24668874172185432 |
| RT_BITMAP | 0xd1658 | 0x778 | Device independent bitmap graphic, 24 x 26 x 24, image size 1872 | English | United States | 0.5648535564853556 |
| RT_BITMAP | 0xd1dd0 | 0x48ac | Device independent bitmap graphic, 121 x 51 x 24, image size 18564 | English | United States | 0.5423027305955709 |
| RT_BITMAP | 0xd8290 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346 |
| RT_BITMAP | 0xd8348 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965 |
| RT_ICON | 0xa0ed0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | United States | 0.6486486486486487 |
| RT_ICON | 0xa0ff8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5027075812274369 |
| RT_ICON | 0xa18a0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 256 | English | United States | 0.6151315789473685 |
| RT_ICON | 0xa19d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.5765895953757225 |
| RT_ICON | 0xa1f78 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.09005376344086022 |
| RT_ICON | 0xa2260 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | English | United States | 0.10613540197461213 |
| RT_ICON | 0xa38b0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.09005376344086022 |
| RT_ICON | 0xa3b98 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | English | United States | 0.3751763046544429 |
| RT_ICON | 0xa51e8 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | English | United States | 0.222672778561354 |
| RT_ICON | 0xa6810 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4608 | English | United States | 0.2260225669957687 |
| RT_ICON | 0xa7e60 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | English | United States | 0.42930183356840623 |
| RT_ICON | 0xa94a0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.20026881720430106 |
| RT_ICON | 0xa9788 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.36486486486486486 |
| RT_ICON | 0xa98d8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors | English | United States | 0.2903225806451613 |
| RT_ICON | 0xa9bc0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.46283783783783783 |
| RT_ICON | 0xa9d10 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | English | United States | 0.2445345557122708 |
| RT_ICON | 0xab350 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.33796296296296297 |
| RT_ICON | 0xac010 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.2941358024691358 |
| RT_ICON | 0xaccd0 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 768 | English | United States | 0.3704128440366973 |
| RT_ICON | 0xad050 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.21635802469135804 |
| RT_ICON | 0xadd10 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 768 | English | United States | 0.19954128440366972 |
| RT_ICON | 0xae090 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.2851851851851852 |
| RT_ICON | 0xaed50 | 0x368 | Device independent bitmap graphic, 16 x 32 x 24, image size 768 | English | United States | 0.8061926605504587 |
| RT_ICON | 0xaf0b8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5009025270758123 |
| RT_ICON | 0xaf988 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.2243827160493827 |
| RT_ICON | 0xb0648 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.17716049382716048 |
| RT_ICON | 0xb1308 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.1712962962962963 |
| RT_ICON | 0xb1fc8 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.2564814814814815 |
| RT_ICON | 0xb2c88 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.1728395061728395 |
| RT_ICON | 0xb3948 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.21820987654320986 |
| RT_ICON | 0xb4608 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.22870370370370371 |
| RT_ICON | 0xb52c8 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.23271604938271606 |
| RT_ICON | 0xb5f88 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.24876543209876542 |
| RT_ICON | 0xb6c48 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.31635802469135804 |
| RT_ICON | 0xb7908 | 0xca8 | Device independent bitmap graphic, 32 x 64 x 24, image size 3072 | English | United States | 0.2515432098765432 |
| RT_ICON | 0xb85c8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.3737009919697685 |
| RT_ICON | 0xbc808 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.38468351440717996 |
| RT_ICON | 0xc0a48 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.2920996693434105 |
| RT_MENU | 0xd66b0 | 0x92 | data | English | United States | 0.678082191780822 |
| RT_MENU | 0xd6748 | 0x1ca | data | English | United States | 0.5218340611353712 |
| RT_MENU | 0xd6918 | 0x1ea | data | English | United States | 0.5081632653061224 |
| RT_DIALOG | 0xc4c88 | 0x204 | data | English | United States | 0.5581395348837209 |
| RT_DIALOG | 0xc59c0 | 0x176 | data | English | United States | 0.5294117647058824 |
| RT_DIALOG | 0xc5140 | 0x1e0 | data | English | United States | 0.46875 |
| RT_DIALOG | 0xc5320 | 0x136 | data | English | United States | 0.6129032258064516 |
| RT_DIALOG | 0xc4fd0 | 0x16a | data | English | United States | 0.638121546961326 |
| RT_DIALOG | 0xc4e90 | 0x13a | data | English | United States | 0.6337579617834395 |
| RT_DIALOG | 0xc5458 | 0x320 | data | English | United States | 0.4775 |
| RT_DIALOG | 0xc5778 | 0x244 | data | English | United States | 0.5155172413793103 |
| RT_DIALOG | 0xc5b38 | 0x30c | data | English | United States | 0.4782051282051282 |
| RT_DIALOG | 0xd6b08 | 0x1e0 | data | Hebrew | Israel | 0.5604166666666667 |
| RT_DIALOG | 0xc5f58 | 0x184 | dBase III DBT, next free block index 4294901761 | English | United States | 0.5773195876288659 |
| RT_DIALOG | 0xc5e48 | 0x110 | data | English | United States | 0.6139705882352942 |
| RT_DIALOG | 0xd8170 | 0xe8 | data | English | United States | 0.6336206896551724 |
| RT_DIALOG | 0xd8258 | 0x34 | data | English | United States | 0.9038461538461539 |
| RT_STRING | 0xd8490 | 0x7a | data | English | United States | 0.6967213114754098 |
| RT_STRING | 0xd8510 | 0x21a | data | English | United States | 0.4646840148698885 |
| RT_STRING | 0xd8ab0 | 0xb6 | data | English | United States | 0.5604395604395604 |
| RT_STRING | 0xd8838 | 0x12c | data | English | United States | 0.5533333333333333 |
| RT_STRING | 0xd8b68 | 0x38 | data | English | United States | 0.6607142857142857 |
| RT_STRING | 0xd8730 | 0x106 | data | English | United States | 0.5801526717557252 |
| RT_STRING | 0xd8968 | 0x146 | data | English | United States | 0.5368098159509203 |
| RT_STRING | 0xdac58 | 0x42 | data | English | United States | 0.6666666666666666 |
| RT_STRING | 0xd8ba0 | 0x156 | data | English | United States | 0.5555555555555556 |
| RT_STRING | 0xd8cf8 | 0x1b0 | data | English | United States | 0.47453703703703703 |
| RT_STRING | 0xd8ea8 | 0x372 | data | English | United States | 0.3526077097505669 |
| RT_STRING | 0xd9220 | 0x5d0 | data | English | United States | 0.2762096774193548 |
| RT_STRING | 0xd97f0 | 0x49c | data | English | United States | 0.35084745762711866 |
| RT_STRING | 0xd9c90 | 0x400 | data | English | United States | 0.3291015625 |
| RT_STRING | 0xda090 | 0x4b4 | data | English | United States | 0.36212624584717606 |
| RT_STRING | 0xda548 | 0x310 | data | English | United States | 0.38903061224489793 |
| RT_STRING | 0xda858 | 0x210 | data | English | United States | 0.44696969696969696 |
| RT_STRING | 0xdaa68 | 0x1ee | data | English | United States | 0.44129554655870445 |
| RT_STRING | 0xdaca0 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154 |
| RT_STRING | 0xdad28 | 0x2a | data | English | United States | 0.5476190476190477 |
| RT_STRING | 0xdad58 | 0x192 | data | English | United States | 0.48009950248756217 |
| RT_STRING | 0xdaef0 | 0x4e2 | data | English | United States | 0.376 |
| RT_STRING | 0xdb768 | 0x31a | data | English | United States | 0.2682619647355164 |
| RT_STRING | 0xdb488 | 0x2dc | data | English | United States | 0.36885245901639346 |
| RT_STRING | 0xdc2c8 | 0x8a | data | English | United States | 0.6594202898550725 |
| RT_STRING | 0xdb3d8 | 0xac | data | English | United States | 0.45348837209302323 |
| RT_STRING | 0xdc1b8 | 0xde | data | English | United States | 0.536036036036036 |
| RT_STRING | 0xdba88 | 0x4c4 | data | English | United States | 0.3221311475409836 |
| RT_STRING | 0xdbf50 | 0x264 | data | English | United States | 0.3741830065359477 |
| RT_STRING | 0xdc298 | 0x2c | data | English | United States | 0.5227272727272727 |
| RT_STRING | 0xdc358 | 0x42 | data | English | United States | 0.6060606060606061 |
| RT_ACCELERATOR | 0xd6ce8 | 0x10 | data | Hebrew | Israel | 1.375 |
| RT_GROUP_CURSOR | 0xd6ee8 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822 |
| RT_GROUP_CURSOR | 0xd76d8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7048 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7588 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7438 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7d68 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd72e8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7978 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7198 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7828 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7ac8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7c18 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd7eb8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd8008 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_CURSOR | 0xd8158 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
| RT_GROUP_ICON | 0xa1f38 | 0x3e | data | English | United States | 0.8548387096774194 |
| RT_GROUP_ICON | 0xa3888 | 0x22 | data | English | United States | 1.1470588235294117 |
| RT_GROUP_ICON | 0xa51c0 | 0x22 | data | English | United States | 1.1176470588235294 |
| RT_GROUP_ICON | 0xa7e38 | 0x22 | data | English | United States | 0.8529411764705882 |
| RT_GROUP_ICON | 0xa9488 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xa98b0 | 0x22 | data | English | United States | 1.0588235294117647 |
| RT_GROUP_ICON | 0xa9ce8 | 0x22 | data | English | United States | 1.0588235294117647 |
| RT_GROUP_ICON | 0xab338 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xabff8 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xaccb8 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xad038 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xadcf8 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xae078 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xaed38 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xaf960 | 0x22 | data | English | United States | 1.088235294117647 |
| RT_GROUP_ICON | 0xb0630 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb12f0 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb1fb0 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb2c70 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb3930 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb45f0 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb52b0 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb5f70 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb6c30 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb78f0 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xb85b0 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xbc7f0 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xc0a30 | 0x14 | data | English | United States | 1.25 |
| RT_GROUP_ICON | 0xc4c70 | 0x14 | data | English | United States | 1.25 |
| RT_VERSION | 0xc60e0 | 0x340 | data | English | United States | 0.43149038461538464 |
| RT_MANIFEST | 0xdc3a0 | 0x188 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (332), with CRLF line terminators | English | United States | 0.673469387755102 |
| RT_MANIFEST | 0xc6420 | 0x453 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4173441734417344 |
| None | 0xd6680 | 0x1c | data | English | United States | 1.2142857142857142 |
| None | 0xd66a0 | 0x10 | data | English | United States | 1.5 |
| DLL | Import |
|---|---|
| KERNEL32.dll | GetVersion, VirtualQuery, FlushInstructionCache, GetSystemDirectoryA, GetWindowsDirectoryA, GetModuleFileNameA, GetModuleHandleA, FreeLibrary, InterlockedExchange, CompareStringA, CreateThread, LoadLibraryA, CreateFileA, GetCurrentProcessId, GetLocalTime, GetCurrentDirectoryA, CloseHandle, CreateProcessA, Sleep, InterlockedDecrement, SetLastError, ResetEvent, WaitForSingleObject, SetEvent, LocalFree, GetLastError, LoadResource, LockResource, SizeofResource, SetEnvironmentVariableA, SetStdHandle, GetConsoleOutputCP, WriteConsoleA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetStringTypeA, GetConsoleMode, GetConsoleCP, LCMapStringA, GetOEMCP, GetACP, GetTimeZoneInformation, QueryPerformanceCounter, VirtualFree, HeapCreate, HeapDestroy, GetStartupInfoA, GetFileType, SetHandleCount, GetCommandLineW, GetCommandLineA, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStdHandle, GetSystemInfo, VirtualAlloc, VirtualProtect, HeapSize, ExitProcess, HeapReAlloc, GetVersionExA, LocalAlloc, OpenMutexA, CreateMutexA, ReleaseMutex, OpenProcess, lstrlenA, FreeResource, GlobalFree, GlobalUnlock, GlobalLock, MulDiv, GlobalAlloc, GlobalDeleteAtom, GetCurrentThreadId, lstrcmpA, EnumResourceLanguagesW, ConvertDefaultLocale, GetCurrentThread, GlobalFlags, LeaveCriticalSection, TlsGetValue, EnterCriticalSection, GlobalReAlloc, GlobalHandle, InitializeCriticalSection, TlsAlloc, TlsSetValue, LocalReAlloc, DeleteCriticalSection, TlsFree, InterlockedIncrement, GetThreadLocale, FileTimeToSystemTime, ReadFile, WriteFile, SetFilePointer, FlushFileBuffers, LockFile, UnlockFile, SetEndOfFile, GetFileSize, DuplicateHandle, GetCurrentProcess, FindClose, SetErrorMode, FileTimeToLocalFileTime, GetFileTime, GetTickCount, HeapFree, HeapAlloc, GetProcessHeap, RtlUnwind, GetSystemTimeAsFileTime, RaiseException, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent |
| ADVAPI32.dll | RegCreateKeyExA, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, AddAccessAllowedAce, AddAccessDeniedAce, InitializeAcl, GetLengthSid, AllocateAndInitializeSid, RegOpenKeyExA, RegQueryValueExA, CryptReleaseContext, CryptImportKey, CryptSetKeyParam, CryptAcquireContextA, CryptGetProvParam, CryptGetKeyParam, CryptDestroyKey, CryptGetUserKey, CryptExportKey, CryptAcquireContextW, CryptSetProvParam, RegCloseKey |
| USER32.dll | GetDesktopWindow, GetMenuState, SystemParametersInfoA, IntersectRect, SetWindowPos, PtInRect, DeferWindowPos, EqualRect, AdjustWindowRectEx, GetSysColor, UpdateWindow, IsWindowVisible, GetKeyState, TrackPopupMenu, ScrollWindow, MapWindowPoints, GetMessageTime, UnhookWindowsHookEx, GetTopWindow, EndDeferWindowPos, BeginDeferWindowPos, GetLastActivePopup, SetFocus, GetFocus, CallNextHookEx, GetCapture, IsChild, SendDlgItemMessageA, CheckMenuItem, GetMenuCheckMarkDimensions, SetMenuItemBitmaps, MoveWindow, InflateRect, DestroyMenu, PostQuitMessage, ValidateRect, GetCursorPos, TranslateMessage, SetCursor, ReleaseDC, GetDC, EndDialog, GetActiveWindow, SetWindowContextHelpId, GetWindowDC, BeginPaint, EndPaint, FlashWindow, SetRect, KillTimer, GetSysColorBrush, SetCapture, ReleaseCapture, IsRectEmpty, InvalidateRgn, GetNextDlgGroupItem, GetDCEx, LockWindowUpdate, SetParent, UnregisterClassA, GetSystemMetrics, GetMessagePos, SetForegroundWindow, AttachThreadInput, GetForegroundWindow, GetWindowThreadProcessId, ShowWindow, GetWindowPlacement, GetDlgCtrlID, GetDlgItem, SetActiveWindow, MessageBeep, SetTimer, GetWindow, CopyRect, OffsetRect, DrawIcon, DeleteMenu, EnableMenuItem, SetMenuDefaultItem, GetMenuItemCount, GetMenuItemID, GetSubMenu, RemoveMenu, GetMenu, SetMenu, IsIconic, GetWindowRect, GetClientRect, ClientToScreen, ScreenToClient, DestroyWindow, IsWindow, IsWindowEnabled, GetParent, MapDialogRect, GetNextDlgTabItem, SetRectEmpty, WindowFromPoint, InvalidateRect |
| SHELL32.dll | ShellExecuteA |
| CRYPT32.dll | CertOpenStore, CertEnumCertificatesInStore, CertDeleteCertificateFromStore, CertGetCertificateContextProperty, CertSetCertificateContextProperty, CertOpenSystemStoreW, CertAddCertificateContextToStore, CertCloseStore, CertCreateCertificateContext, CertCompareCertificate, CertGetNameStringA, CertGetIntendedKeyUsage, CertFreeCertificateContext, CertGetEnhancedKeyUsage, CertGetNameStringW |
| WinSCard.dll | SCardReleaseContext, SCardEstablishContext, SCardStatusA, SCardReconnect, SCardFreeMemory, SCardDisconnect, SCardGetStatusChangeA, SCardBeginTransaction, SCardEndTransaction, SCardListReadersA, g_rgSCardT0Pci, SCardTransmit, g_rgSCardT1Pci, SCardConnectA |
| WTSAPI32.dll | WTSFreeMemory, WTSQuerySessionInformationA |
| COMCTL32.dll | InitCommonControlsEx |
| SHLWAPI.dll | PathFindExtensionW, PathFindFileNameW, PathStripToRootW, PathIsUNCW |
| ole32.dll | OleRun, CoCreateInstance, CoUninitialize, CoCreateGuid, CoInitialize, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromProgID, CLSIDFromString, CoGetClassObject, StgOpenStorageOnILockBytes, StgCreateDocfileOnILockBytes, CreateILockBytesOnHGlobal, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, CoRevokeClassObject, CoRegisterMessageFilter, OleIsCurrentClipboard, OleFlushClipboard |
| OLEAUT32.dll | SysAllocString, OleCreateFontIndirect, SystemTimeToVariantTime, SafeArrayDestroy, SysStringLen, SysAllocStringLen, VariantTimeToSystemTime, VariantChangeType, VariantClear, VariantInit, VariantCopy, SysFreeString, SysStringByteLen, SysAllocStringByteLen, GetErrorInfo |
| PSAPI.DLL | EnumProcessModules, GetModuleBaseNameA |
| GDI32.dll | GetRgnBox, GetTextColor, GetMapMode, CombineRgn, SetRectRgn, GetBkColor, GetClipBox, SetTextColor, CreatePatternBrush, ExtSelectClipRgn, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, Escape, RectVisible, SetBkColor, CreateBitmap, CreateCompatibleDC, DeleteObject, SelectObject, DeleteDC, StretchDIBits, CreateCompatibleBitmap, CreateRectRgnIndirect, PatBlt, SaveDC, RestoreDC, SetBkMode, GetStockObject, PtVisible, GetWindowExtEx, GetViewportExtEx, CreateRectRgn, GetDeviceCaps, SelectClipRgn, IntersectClipRect, ExcludeClipRect, SetMapMode |
| WINSPOOL.DRV | ClosePrinter |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
| Hebrew | Israel |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 26, 2024 23:59:56.631649971 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:56.631697893 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:56.631758928 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:56.632332087 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:56.632345915 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:56.941304922 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:56.941427946 CEST | 443 | 49704 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:56.941514969 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:56.941699028 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:56.941735983 CEST | 443 | 49704 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.022367001 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.025253057 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.025275946 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.026133060 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.026202917 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.028664112 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.028770924 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.029298067 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.029325962 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.029550076 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.029783964 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.029824972 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.029892921 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.029901028 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.029922009 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.030114889 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.030133009 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.030318022 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.030337095 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.082911968 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.329706907 CEST | 443 | 49704 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.330001116 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.330044031 CEST | 443 | 49704 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.330914974 CEST | 443 | 49704 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.330988884 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.331259966 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.331321955 CEST | 443 | 49704 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.331379890 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.363903046 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.364177942 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.364191055 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.364695072 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.365067959 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.365151882 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.365180016 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.376125097 CEST | 443 | 49704 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.384845972 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.384866953 CEST | 443 | 49704 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.412122011 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.413332939 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.413418055 CEST | 443 | 49704 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.413482904 CEST | 49704 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.416825056 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.421863079 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.422106028 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.422137022 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.422789097 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.423082113 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.423176050 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.423194885 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.435662031 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.435700893 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.435719967 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.435736895 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.435767889 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.435784101 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.435816050 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.447114944 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.447169065 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.447246075 CEST | 49701 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.447262049 CEST | 443 | 49701 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.463860989 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:57.463913918 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.149374962 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.149451971 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.149471045 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.149558067 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.149605989 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.300950050 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.301044941 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.301110029 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.301542997 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.301603079 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.425776958 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
| Apr 26, 2024 23:59:58.433998108 CEST | 49705 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.434020042 CEST | 443 | 49705 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.434565067 CEST | 49706 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.434616089 CEST | 443 | 49706 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.447952986 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.448012114 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.448149920 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.448582888 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.448611975 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.730958939 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
| Apr 26, 2024 23:59:58.771342039 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.771399975 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.771469116 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.777365923 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.777380943 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.819948912 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.828847885 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.828891039 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.829315901 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.830600977 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.830698013 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:58.844969988 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:58.888163090 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.151356936 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.151416063 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.151473999 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.151473999 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.151519060 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.151576996 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.151592970 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.151613951 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.151667118 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.152007103 CEST | 49707 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.152033091 CEST | 443 | 49707 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.170430899 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.170686960 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.170711040 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.171698093 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.171765089 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.172068119 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.172131062 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.172199011 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.172207117 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.223820925 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.335865974 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
| Apr 26, 2024 23:59:59.561316013 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.561351061 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.561424971 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.561427116 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.561464071 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.561502934 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.561511993 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.561522007 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.561562061 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.562309027 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.562326908 CEST | 443 | 49708 | 142.250.217.196 | 192.168.2.16 |
| Apr 26, 2024 23:59:59.562335014 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 26, 2024 23:59:59.562370062 CEST | 49708 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:00:00.164160013 CEST | 49689 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:00.543283939 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
| Apr 27, 2024 00:00:01.240596056 CEST | 49714 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:00:01.240633011 CEST | 443 | 49714 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:00:01.240737915 CEST | 49714 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:00:01.294642925 CEST | 49714 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:00:01.294661045 CEST | 443 | 49714 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:00:02.958930969 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
| Apr 27, 2024 00:00:06.278307915 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
| Apr 27, 2024 00:00:06.581928968 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
| Apr 27, 2024 00:00:07.194859982 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
| Apr 27, 2024 00:00:07.771856070 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
| Apr 27, 2024 00:00:08.405438900 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
| Apr 27, 2024 00:00:10.750180006 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:10.813891888 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
| Apr 27, 2024 00:00:11.053862095 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:11.656883955 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:12.870862007 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:15.275923967 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:15.627880096 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
| Apr 27, 2024 00:00:17.386866093 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
| Apr 27, 2024 00:00:20.079902887 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:25.239017010 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
| Apr 27, 2024 00:00:25.769047022 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:25.769078016 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:25.769187927 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:25.771430969 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:25.771450996 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.276400089 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.276482105 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.288064957 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.288081884 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.288369894 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.337888002 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.398574114 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.440148115 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.753664970 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.753726006 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.753747940 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.753787041 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.753814936 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.753837109 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.753849983 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.753931999 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.753981113 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.754076004 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.754082918 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.754204988 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.754264116 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.785938025 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.785957098 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:26.785974026 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:00:26.785980940 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:00:29.684202909 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:31.280348063 CEST | 49714 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:00:31.324170113 CEST | 443 | 49714 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:00:32.978291988 CEST | 443 | 49714 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:00:32.978373051 CEST | 49714 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:00:33.308116913 CEST | 49693 | 80 | 192.168.2.16 | 152.195.50.149 |
| Apr 27, 2024 00:00:33.308167934 CEST | 49694 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:33.611931086 CEST | 49694 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:33.611939907 CEST | 49693 | 80 | 192.168.2.16 | 152.195.50.149 |
| Apr 27, 2024 00:00:34.219913960 CEST | 49694 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:34.219964981 CEST | 49693 | 80 | 192.168.2.16 | 152.195.50.149 |
| Apr 27, 2024 00:00:35.433912039 CEST | 49694 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:35.433917046 CEST | 49693 | 80 | 192.168.2.16 | 152.195.50.149 |
| Apr 27, 2024 00:00:37.836029053 CEST | 49694 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:37.836040974 CEST | 49693 | 80 | 192.168.2.16 | 152.195.50.149 |
| Apr 27, 2024 00:00:42.641020060 CEST | 49693 | 80 | 192.168.2.16 | 152.195.50.149 |
| Apr 27, 2024 00:00:42.641027927 CEST | 49694 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:52.244010925 CEST | 49694 | 80 | 192.168.2.16 | 192.229.211.108 |
| Apr 27, 2024 00:00:52.244041920 CEST | 49693 | 80 | 192.168.2.16 | 152.195.50.149 |
| Apr 27, 2024 00:01:00.253048897 CEST | 49688 | 443 | 192.168.2.16 | 204.79.197.200 |
| Apr 27, 2024 00:01:01.212340117 CEST | 49718 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:01:01.212383032 CEST | 443 | 49718 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:01:01.212481976 CEST | 49718 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:01:01.212789059 CEST | 49718 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:01:01.212801933 CEST | 443 | 49718 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:01:01.497951031 CEST | 443 | 49718 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:01:01.498279095 CEST | 49718 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:01:01.498306036 CEST | 443 | 49718 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:01:01.498671055 CEST | 443 | 49718 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:01:01.498971939 CEST | 49718 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:01:01.499036074 CEST | 443 | 49718 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:01:01.546972990 CEST | 49718 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:01:03.505112886 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:03.505204916 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:03.505326986 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:03.505808115 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:03.505842924 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:03.995737076 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:03.995841980 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:03.998737097 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:03.998744965 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:03.998979092 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.000232935 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:04.044157982 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.479098082 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.479121923 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.479140997 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.479216099 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:04.479250908 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.479302883 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:04.480037928 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.480077982 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.480106115 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:04.480115891 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.480134964 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.480170012 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:04.480211973 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:04.483335018 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:04.483350992 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:04.483377934 CEST | 49719 | 443 | 192.168.2.16 | 20.114.59.183 |
| Apr 27, 2024 00:01:04.483383894 CEST | 443 | 49719 | 20.114.59.183 | 192.168.2.16 |
| Apr 27, 2024 00:01:11.496412992 CEST | 443 | 49718 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:01:11.496473074 CEST | 443 | 49718 | 142.250.217.196 | 192.168.2.16 |
| Apr 27, 2024 00:01:11.496553898 CEST | 49718 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:01:12.794481993 CEST | 49718 | 443 | 192.168.2.16 | 142.250.217.196 |
| Apr 27, 2024 00:01:12.794526100 CEST | 443 | 49718 | 142.250.217.196 | 192.168.2.16 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 26, 2024 23:59:56.497664928 CEST | 60738 | 53 | 192.168.2.16 | 1.1.1.1 |
| Apr 26, 2024 23:59:56.497859001 CEST | 58397 | 53 | 192.168.2.16 | 1.1.1.1 |
| Apr 26, 2024 23:59:56.610913038 CEST | 53 | 58876 | 1.1.1.1 | 192.168.2.16 |
| Apr 26, 2024 23:59:56.630825996 CEST | 53 | 59006 | 1.1.1.1 | 192.168.2.16 |
| Apr 26, 2024 23:59:56.630866051 CEST | 53 | 58397 | 1.1.1.1 | 192.168.2.16 |
| Apr 26, 2024 23:59:56.630882025 CEST | 53 | 60738 | 1.1.1.1 | 192.168.2.16 |
| Apr 26, 2024 23:59:57.466397047 CEST | 53 | 52117 | 1.1.1.1 | 192.168.2.16 |
| Apr 27, 2024 00:00:21.848592043 CEST | 53 | 52960 | 1.1.1.1 | 192.168.2.16 |
| Apr 27, 2024 00:00:44.841448069 CEST | 53 | 57820 | 1.1.1.1 | 192.168.2.16 |
| Apr 27, 2024 00:00:56.498756886 CEST | 53 | 52719 | 1.1.1.1 | 192.168.2.16 |
| Apr 27, 2024 00:01:02.453963041 CEST | 138 | 138 | 192.168.2.16 | 192.168.2.255 |
| Apr 27, 2024 00:01:14.935237885 CEST | 53 | 58446 | 1.1.1.1 | 192.168.2.16 |
| Apr 27, 2024 00:02:01.625503063 CEST | 53 | 64086 | 1.1.1.1 | 192.168.2.16 |
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Apr 26, 2024 23:59:56.610991001 CEST | 192.168.2.16 | 1.1.1.1 | c238 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:04.628695011 CEST | 192.168.2.1 | 192.168.2.16 | c1f4 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:04.683773041 CEST | 192.168.2.1 | 192.168.2.16 | c1f4 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:04.910720110 CEST | 192.168.2.1 | 192.168.2.16 | c1f2 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:04.910831928 CEST | 192.168.2.1 | 192.168.2.16 | c1f2 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:04.910974026 CEST | 192.168.2.1 | 192.168.2.16 | c1f2 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:04.911107063 CEST | 192.168.2.1 | 192.168.2.16 | c1f2 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:06.278342009 CEST | 192.168.2.1 | 192.168.2.16 | 8197 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:06.720902920 CEST | 192.168.2.1 | 192.168.2.16 | c1f4 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:07.741601944 CEST | 192.168.2.1 | 192.168.2.16 | c1f4 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:08.757520914 CEST | 192.168.2.1 | 192.168.2.16 | c1f4 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:09.761007071 CEST | 192.168.2.1 | 192.168.2.16 | c1f4 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:10.750253916 CEST | 192.168.2.1 | 192.168.2.16 | 5422 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:15.627908945 CEST | 192.168.2.1 | 192.168.2.16 | 8197 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:17.386902094 CEST | 192.168.2.1 | 192.168.2.16 | 51eb | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:17.885059118 CEST | 192.168.2.1 | 192.168.2.16 | c1f2 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:17.914328098 CEST | 192.168.2.1 | 192.168.2.16 | c1f2 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:17.999636889 CEST | 192.168.2.1 | 192.168.2.16 | c1f2 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:18.028049946 CEST | 192.168.2.1 | 192.168.2.16 | c1f2 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:18.031125069 CEST | 192.168.2.1 | 192.168.2.16 | c1f2 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:19.044256926 CEST | 192.168.2.1 | 192.168.2.16 | c1fc | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:20.079936981 CEST | 192.168.2.1 | 192.168.2.16 | 5422 | (Port unreachable) | Destination Unreachable |
| Apr 27, 2024 00:00:21.055027962 CEST | 192.168.2.1 | 192.168.2.16 | c1fc | (Port unreachable) | Destination Unreachable |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 23:59:56.497664928 CEST | 192.168.2.16 | 1.1.1.1 | 0x2d33 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Apr 26, 2024 23:59:56.497859001 CEST | 192.168.2.16 | 1.1.1.1 | 0x6ca3 | Standard query (0) | 65 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 26, 2024 23:59:56.630866051 CEST | 1.1.1.1 | 192.168.2.16 | 0x6ca3 | No error (0) | 65 | IN (0x0001) | false | |||
| Apr 26, 2024 23:59:56.630882025 CEST | 1.1.1.1 | 192.168.2.16 | 0x2d33 | No error (0) | 142.250.217.196 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.16 | 49701 | 142.250.217.196 | 443 | 6360 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 21:59:57 UTC | 627 | OUT | |
| 2024-04-26 21:59:57 UTC | 1703 | IN | |
| 2024-04-26 21:59:57 UTC | 1703 | IN | |
| 2024-04-26 21:59:57 UTC | 1703 | IN | |
| 2024-04-26 21:59:57 UTC | 359 | IN | |
| 2024-04-26 21:59:57 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.16 | 49704 | 142.250.217.196 | 443 | 6360 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 21:59:57 UTC | 353 | OUT |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.16 | 49705 | 142.250.217.196 | 443 | 6360 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 21:59:57 UTC | 530 | OUT | |
| 2024-04-26 21:59:58 UTC | 1842 | IN | |
| 2024-04-26 21:59:58 UTC | 458 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.16 | 49706 | 142.250.217.196 | 443 | 6360 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 21:59:57 UTC | 353 | OUT | |
| 2024-04-26 21:59:58 UTC | 1760 | IN | |
| 2024-04-26 21:59:58 UTC | 417 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.16 | 49707 | 142.250.217.196 | 443 | 6360 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 21:59:58 UTC | 932 | OUT | |
| 2024-04-26 21:59:59 UTC | 356 | IN | |
| 2024-04-26 21:59:59 UTC | 899 | IN | |
| 2024-04-26 21:59:59 UTC | 1255 | IN | |
| 2024-04-26 21:59:59 UTC | 1032 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.16 | 49708 | 142.250.217.196 | 443 | 6360 | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 21:59:59 UTC | 738 | OUT | |
| 2024-04-26 21:59:59 UTC | 356 | IN | |
| 2024-04-26 21:59:59 UTC | 899 | IN | |
| 2024-04-26 21:59:59 UTC | 1255 | IN | |
| 2024-04-26 21:59:59 UTC | 960 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.16 | 49716 | 20.114.59.183 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 22:00:26 UTC | 306 | OUT | |
| 2024-04-26 22:00:26 UTC | 560 | IN | |
| 2024-04-26 22:00:26 UTC | 15824 | IN | |
| 2024-04-26 22:00:26 UTC | 8666 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.16 | 49719 | 20.114.59.183 | 443 |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-26 22:01:03 UTC | 306 | OUT | |
| 2024-04-26 22:01:04 UTC | 560 | IN | |
| 2024-04-26 22:01:04 UTC | 15824 | IN | |
| 2024-04-26 22:01:04 UTC | 9633 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 23:59:50 |
| Start date: | 26/04/2024 |
| Path: | C:\Users\user\Desktop\IDProtect Manager.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 893'008 bytes |
| MD5 hash: | 1C9346769DC9ADA9F73B7269170AD1B7 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 23:59:54 |
| Start date: | 26/04/2024 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7f9810000 |
| File size: | 3'242'272 bytes |
| MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 3 |
| Start time: | 23:59:55 |
| Start date: | 26/04/2024 |
| Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7f9810000 |
| File size: | 3'242'272 bytes |
| MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | false |
| Target ID: | 14 |
| Start time: | 00:00:06 |
| Start date: | 27/04/2024 |
| Path: | C:\Windows\System32\rundll32.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7530a0000 |
| File size: | 71'680 bytes |
| MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 15 |
| Start time: | 00:00:11 |
| Start date: | 27/04/2024 |
| Path: | C:\Users\user\Desktop\IDProtect Manager.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 893'008 bytes |
| MD5 hash: | 1C9346769DC9ADA9F73B7269170AD1B7 |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 16 |
| Start time: | 00:00:32 |
| Start date: | 27/04/2024 |
| Path: | C:\Users\user\Desktop\IDProtect Manager.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 893'008 bytes |
| MD5 hash: | 1C9346769DC9ADA9F73B7269170AD1B7 |
| Has elevated privileges: | false |
| Has administrator privileges: | false |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
⊘No disassembly