Windows
Analysis Report
BCb8yQ0fg8.exe
Overview
General Information
Sample name: | BCb8yQ0fg8.exe (renamed because the original name is a hash value) |
Original sample name: | 807675A50EE7545E02DAEAC9822842B7.exe |
Analysis ID: | 1434650 |
MD5: | 807675a50ee7545e02daeac9822842b7 |
SHA1: | 967094e1ef9155a031687396ba99855e54870612 |
SHA256: | 2895f26ebeb8334731591ac868e9ab554a3568632e3c62e802739e5d0fc38d88 |
Tags: | exe, Stealc |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- BCb8yQ0fg8.exe (PID: 7252, cmdline: `"C:\Users\user\Desktop\BCb8yQ0fg8.exe"`, MD5: 807675A50EE7545E02DAEAC9822842B7)
  - cmd.exe (PID: 7272, cmdline: `C:\Windows\SysWOW64\cmd.exe`, MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    - conhost.exe (PID: 7280, cmdline: `C:\Windows\system32\conhost.exe 0xffffffff -ForceV1`, MD5: 0D698AF330FD17BEE3BF90011D49251D)
    - explorer.exe (PID: 8120, cmdline: `C:\Windows\SysWOW64\explorer.exe`, MD5: DD6597597673F72E10C9DE7901FBA0A8)
- chrome.exe (PID: 7372, cmdline: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://473750571567004317064230583514468350804565684324378075159610742091604698238217701484029465762430135913242023857750034401559054060945654540273638867228794983640833862748912121851334807031249099092790952130035074227943842970399582505875/`, MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 7588, cmdline: `"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1800,i,5224496107934403145,5816890975472559302,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8`, MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Stealc | Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, Stealc is a non-resident stealer with flexible data collection settings, and its development draws on other prominent stealers: Vidar, Raccoon, Mars and Redline. Stealc is written in C and uses WinAPI functions. It mainly targets data from web browsers, browser extensions and desktop cryptocurrency wallet applications, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers: sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests. | No Attribution | | |
Vidar | Vidar is a forked malware based on Arkei. It seems to be one of the first stealers that grabs information from 2FA software and the Tor Browser. | No Attribution | | |
{"C2 url": "http://193.163.7.88/a69d09b357e06b52.php"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| JoeSecurity_MarsStealer | Yara detected Mars stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| JoeSecurity_MarsStealer | Yara detected Mars stealer | Joe Security | |
| JoeSecurity_Stealc | Yara detected Stealc | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security | |
| JoeSecurity_MarsStealer | Yara detected Mars stealer | Joe Security | |
System Summary
- Author: Furkan CALISKAN, @caliskanfurkan_, @oscd_initiative
AV Detection
- Avira URL Cloud
- Avira
- Malware Configuration Extractor
- Virustotal (Perma Link); ReversingLabs
- Joe Sandbox ML
- String decryptor (341 entries)
- Static PE information
- HTTPS traffic detected (4 entries)
- Static PE information
- Binary string (4 entries)
- Code function: 0_2_006DD060
Networking
- URLs
- IP Address
- JA3 fingerprint
- TCP traffic detected without corresponding DNS query (50 entries)
- HTTP traffic detected (7 entries)
- DNS traffic detected (2 entries)
- String found in binary or memory (73 entries)
- Network traffic detected (22 entries)
- HTTPS traffic detected (4 entries)
System Summary
- Static PE information
- Code function: 0_2_006D4A13 (2 entries)
- Code functions: 0_2_006DE8C0, 0_2_006D28B0, 0_2_006D8AC0, 0_2_006DD4F0, 0_2_006DBDF0, 0_2_006D85D0
- Static PE information
- Binary or memory string (6 entries)
- Static PE information
- Classification label
- Mutant created
- File created
- Process created (2 entries)
- Static PE information
- Key opened
- Virustotal; ReversingLabs
- String found in binary or memory (3 entries)
- File read
- Process created (23 entries)
- Section loaded (41 entries)
- Static PE information (6 entries)
- Static PE information
- Static PE information
- Binary string (4 entries)
- Static PE information (5 entries)
- Static PE information
- Code functions: 0_2_006D80F3, 0_2_006D7165, 0_2_006D823C, 0_2_006D8275, 0_2_006D827D, 0_2_006D823C, 0_2_006D8275, 0_2_006D742D, 0_2_006D6D5B, 0_2_006E05AD, 0_2_006D6E62, 0_2_006D8EA1
- File created (dropped file)
- File created (dropped file)
Hooking and other Techniques for Hiding and Protection
- File deleted
- Module Loaded
- Dropped PE file which has not been started (dropped file)
- API coverage
- Code function: 0_2_006DD060
- Binary or memory string (7 entries)
- Process information queried
- Code function: 0_2_006E0937
- Code functions: 0_2_006DAB99, 0_2_006D50E3, 0_2_006DAB19
- Code functions: 0_2_006E0800, 0_2_006E0937, 0_2_006E0A99
HIPS / PFW / Operating System Protection Evasion
- Memory written (5 entries)
- Section loaded (2 entries)
- Memory written (2 entries)
- Process created (2 entries)
- Code function: 0_2_006E0620
- Code function: 0_2_006E0B55
Stealing of Sensitive Information
- File source (5 entries)
- File source
- File source (5 entries)
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File source: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 11 DLL Side-Loading | 311 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 DLL Side-Loading | 311 Process Injection | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 DLL Side-Loading | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
20% | Virustotal | Browse | ||
16% | ReversingLabs | Win32.Trojan.Nekark |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Crypt.ZPACK.Gen | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
3% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
plus.l.google.com | 142.251.16.100 | true | false | high | |
www.google.com | 64.233.180.99 | true | false | high | |
apis.google.com | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
false | high | ||
false | high | ||
false | high | ||
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | low | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
64.233.180.99 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
192.168.2.6 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1434650 |
Start date and time: | 2024-05-01 15:46:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | BCb8yQ0fg8.exerenamed because original name is a hash value |
Original Sample Name: | 807675A50EE7545E02DAEAC9822842B7.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@23/16@4/4 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.253.62.94, 172.253.122.84, 172.253.122.101, 172.253.122.102, 172.253.122.138, 172.253.122.139, 172.253.122.113, 172.253.122.100, 34.104.35.123, 142.251.167.94, 199.232.210.172, 192.229.211.108, 172.253.115.94, 142.251.16.113, 142.251.16.139, 142.251.16.101, 142.251.16.100, 142.251.16.138, 142.251.16.102
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed; the report is missing behavior information
Time | Type | Description |
---|---|---|
15:47:21 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | Get hash | malicious | HTMLPhisher | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | RisePro Stealer | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
plus.l.google.com | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | RisePro Stealer | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | RedLine | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | RisePro Stealer | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Process: | C:\Users\user\Desktop\BCb8yQ0fg8.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 882182 |
Entropy (8bit): | 7.392188234423486 |
Encrypted: | false |
SSDEEP: | 24576:wvX8Uhe8KVoa5IzW4XzwSs/SLuOzwEmSj:wvX8UhfKVP5Y1zwv/K/zwzSj |
MD5: | A2372FC8FA9DEBDBCEC130A674F422FC |
SHA1: | 2EFBDFEF6C96752AF76DC82611603D88DD436B00 |
SHA-256: | CA22A18DF93B2AF7139D4797930D96EBB9E63ABB637DC9179773A6566C010291 |
SHA-512: | 2B4C85C2A681070B5B712CD184AC0C5C9A3A5BD105668C418A2F9D2A31684845F11BF0DFEB91A035098F3D795521D5AF30F5E958311D4340CCE531DDFBCE14B6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\cmd.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 157184 |
Entropy (8bit): | 6.191741252019896 |
Encrypted: | false |
SSDEEP: | 3072:YvtlGc6fgpJSG61doHN4N4QSUukO/yIwoeL1DGBJuOb:YvLJryZoI4RvkOKEnuG |
MD5: | 6B75CEC8F96DAF072098B3D3859D3080 |
SHA1: | A6838615614C855E21D63E78E2C50972F400D4C8 |
SHA-256: | 0F4A87E94883051FD2E41F48168F0A587B1A509CE03530BB8D62C26FF669F99A |
SHA-512: | 5053A4B2F03055A959965ACC92678959DBC3D3939CAC7C679C9E40616CB29DBECA51D5848CC002E477D1CF691677828DA4452AC0C97404B4B0AA356AD2AD3C8F |
Malicious: | true |
Yara Hits: | |
Antivirus: | |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 163891 |
Entropy (8bit): | 5.55061820245277 |
Encrypted: | false |
SSDEEP: | 3072:S0eiNiuzs8v4HHKWY8s1BgP4IDQ9GURWu8zylA/u8PemUPhDlaY/ADiZ65LpK629:S0eMhzvwHHKWY8s1BgP4IDQ9GURWu8UD |
MD5: | 0282D5C4C6038FCEB2FF8607EDAC81A4 |
SHA1: | 62EBF05C33F8A3115C208BB4D5CE9B38F6D06447 |
SHA-256: | AAAF17E8ED9C8DD5D1B69C8BBB617600A768256654C076F760E09C6047973371 |
SHA-512: | E21D25042E41527B62E80F9D9B82B85B915BA6D0698B2FFA5D8D59115F764770D1DE2108B72D82D57BFB7A8D4406FB53D091C1DC6D8BD03BED3BCA29CEFD0EAD |
Malicious: | false |
Reputation: | moderate, very likely benign file |
URL: | "https://www.gstatic.com/og/_/js/k=og.qtm.en_US.oT1FwJRCVC4.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvBynad-nWEy1xIb9j1w6LpLOF6IQ" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 791 |
Entropy (8bit): | 5.147901415075528 |
Encrypted: | false |
SSDEEP: | 24:1wAvXxj6nBHslgT9lCuABuoB7HHHHHHHYqmffffffo:1wiXxjEKlgZ01BuSEqmffffffo |
MD5: | EC2CDBDD01F0DADC0FC3B9CB6B1D7B80 |
SHA1: | 5D7D6DC6B5F7D3092D6A4023948A71CE18DB0DFD |
SHA-256: | 2946499E234EDB18203D0B2CDDF64591EBDD1575C50497218DB405E2E648D912 |
SHA-512: | 952F3B49D0C063CCA3A939D1872546341D60D31B006AE762206DAC33DD1C8B9E0AC9E150B7CD15948289921878CEF71D6929F74F171D0A19EC1BD2FF5DCF979D |
Malicious: | false |
Reputation: | low |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 29 |
Entropy (8bit): | 3.9353986674667634 |
Encrypted: | false |
SSDEEP: | 3:VQAOx/1n:VQAOd1n |
MD5: | 6FED308183D5DFC421602548615204AF |
SHA1: | 0A3F484AAA41A60970BA92A9AC13523A1D79B4D5 |
SHA-256: | 4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D |
SHA-512: | A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
URL: | https://www.google.com/async/newtab_promos |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 139802 |
Entropy (8bit): | 5.440602720809514 |
Encrypted: | false |
SSDEEP: | 1536:yMRA4aKKJXjPInWWt/usD98kiHLnRA0zqevcZ8hhaV+trbbbhYxvdU:e8KJou8TMyez0shCO |
MD5: | 74F909C06A27C00BE395C0934D522FEA |
SHA1: | 83E72373A172088FFE239B05304176F466B44521 |
SHA-256: | BE2CE37C95D54DD5710770A623935305B047A0529D9BF811B31E0FA00EB2B1CA |
SHA-512: | A35650094DD91551214F6B5A8E47143AB8B8837F19110C2190BF39E03244BE6A176ABB2DE3C5EE02AFB3A364BCE393027E6C42DE4509D84959FEFF61411A7B05 |
Malicious: | false |
Reputation: | low |
URL: | https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3572 |
Entropy (8bit): | 5.150542995862274 |
Encrypted: | false |
SSDEEP: | 96:RJYrcoiktfqqMghOKTEzNx8BSIMw591g8IOl8u8i8DF+Ks:wkktfqqMghxlg8Ig8u78D2 |
MD5: | 88BC8C86A83B9BD8EDA6FDF225CDC8DD |
SHA1: | 473D84930F027A365278C15282725A69721F4B18 |
SHA-256: | 47D960E93D9E7AB4C760A09DA0AA5E6549A8355AD5C0BA8476D4269F4FBDB354 |
SHA-512: | 3BC486D908160D297AD3028C27177A9C41A1D87EF29A456058265FAF74A1DA069D3B0578F05A79F866C2DB752D5E0E42D179158BD62251D4FDA601A7CBA7CC4D |
Malicious: | false |
URL: | "https://www.gstatic.com/og/_/ss/k=og.qtm.T5bVtXo12IQ.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTssrVR1lBtzoy_MObv1DSp-vWG36A" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1660 |
Entropy (8bit): | 4.301517070642596 |
Encrypted: | false |
SSDEEP: | 48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD |
MD5: | 554640F465EB3ED903B543DAE0A1BCAC |
SHA1: | E0E6E2C8939008217EB76A3B3282CA75F3DC401A |
SHA-256: | 99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52 |
SHA-512: | 462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0 |
Malicious: | false |
URL: | https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 121628 |
Entropy (8bit): | 5.506662476672723 |
Encrypted: | false |
SSDEEP: | 3072:QI9yvwslCsrCF9f/U2Dj3Fkk7rEehA5L1kx:l9ygsrieDkVaL1kx |
MD5: | F46ACD807A10216E6EEE8EA51E0F14D6 |
SHA1: | 4702F47070F7046689432DCF605F11364BC0FBED |
SHA-256: | D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086 |
SHA-512: | 811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028 |
Malicious: | false |
URL: | "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0" |
Preview: |
File type: | |
Entropy (8bit): | 7.708245175318212 |
TrID: | |
File name: | BCb8yQ0fg8.exe |
File size: | 944'280 bytes |
MD5: | 807675a50ee7545e02daeac9822842b7 |
SHA1: | 967094e1ef9155a031687396ba99855e54870612 |
SHA256: | 2895f26ebeb8334731591ac868e9ab554a3568632e3c62e802739e5d0fc38d88 |
SHA512: | 12a928dc23e7fd03996e5d41d8fce1d091b0fa979d379e63e6e89d58440f8a21a809a646e1c6431eda68d71515e1aed06219c4f3d8c0c86e25724b1d6e5af5b4 |
SSDEEP: | 24576:e8inPEBCZN5hoVlnJXzJ/SEVSoMAALia4:Dg5BuxF/SRF4 |
TLSH: | 4A15012175E54420E0A3023F48BDABA1857AAF718FB1F0CFA3447DAE5A3D9C1E930756 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8Ae.Y/6.Y/6.Y/6.%+7.Y/6.%,7.Y/6.%*7.Y/6.!.6.Y/6.!.7.Y/6.Y.69Y/6%%&7.Y/6%%-7.Y/6Rich.Y/6........PE..L......c...............".6. |
Icon Hash: | 2771a96949e8512b |
Entrypoint: | 0x410590 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x638F960F [Tue Dec 6 19:20:47 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 5f7bf97ec922bad10bc4de737ab257ee |
Signature Valid: | false |
Signature Issuer: | CN=Certum Code Signing 2021 CA, O=Asseco Data Systems S.A., C=PL |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 9107F754D755BA933AC47DFCE107DFB6 |
Thumbprint SHA-1: | 35F4E53A88751BBE67EAA097513E3DB1AD2F49E3 |
Thumbprint SHA-256: | 719B615DB1499BC948B5E7487C43B8BEB824AE62C576F7ADACC81A37CD8B3B14 |
Serial: | 6606F76CF00BC54EB3260E6E1BC70074 |
Instruction |
---|
call 00007FED0131F5F2h |
jmp 00007FED0131EE4Dh |
mov ecx, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], ecx |
pop ecx |
pop edi |
pop edi |
pop esi |
pop ebx |
mov esp, ebp |
pop ebp |
push ecx |
ret |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [0041D010h] |
xor eax, ebp |
push eax |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [0041D010h] |
xor eax, ebp |
push eax |
mov dword ptr [ebp-10h], esp |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
and dword ptr [0041DA48h], 00000000h |
sub esp, 24h |
or dword ptr [0041D020h], 01h |
push 0000000Ah |
call dword ptr [004150BCh] |
test eax, eax |
je 00007FED0131F192h |
and dword ptr [ebp-10h], 00000000h |
xor eax, eax |
push ebx |
push esi |
push edi |
xor ecx, ecx |
lea edi, dword ptr [ebp-24h] |
push ebx |
cpuid |
mov esi, ebx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1b440 | 0x104 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1e000 | 0xc75be | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xe4000 | 0x2898 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe6000 | 0x115c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x19490 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x19500 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x193d0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x15000 | 0x1fc | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1353a | 0x13600 | bf2ff065a6f650143eeda7db528b6c35 | False | 0.5329637096774194 | data | 6.792453781810886 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x15000 | 0x709a | 0x7200 | 52bee74c9772c70a6f8907b529f30523 | False | 0.3418311403508772 | OpenPGP Public Key | 4.430638903645443 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1d000 | 0xed8 | 0xa00 | 6ce128b02d8927ee9b06ec7d2d722258 | False | 0.1875 | DOS executable (block device driver \377\377\377\377N) | 2.4040749330890847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x1e000 | 0xc75be | 0xc7600 | 6ca874172c252530e617f978b3eee543 | False | 0.8703541340125391 | data | 7.767515223848266 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe6000 | 0x1240 | 0x1400 | e6dfe2ef8827a2d65c8819991629ace5 | False | 0.7158203125 | data | 6.1715723164120195 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
LMM | 0x1e180 | 0xb668e | PNG image data, 1112 x 688, 8-bit/color RGBA, non-interlaced | 0.9406718865020411 | ||
RT_ICON | 0xd4810 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 12368 x 12368 px/m | 0.09915118892700817 | ||
RT_GROUP_ICON | 0xe5038 | 0x14 | data | 1.15 | ||
RT_VERSION | 0xe504c | 0x388 | data | 0.43694690265486724 | ||
RT_MANIFEST | 0xe53d4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | 0.5489795918367347 |
DLL | Import |
---|---|
KERNEL32.dll | FindNextFileW, GetCurrentProcess, GetModuleHandleExW, GetModuleFileNameW, LeaveCriticalSection, InitializeCriticalSection, GetEnvironmentVariableW, FindClose, MultiByteToWideChar, GetLastError, GetFileAttributesExW, GetFullPathNameW, GetProcAddress, DeleteCriticalSection, WideCharToMultiByte, IsWow64Process, LoadLibraryExW, FreeLibrary, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, EnterCriticalSection, FindFirstFileExW, OutputDebugStringW, LoadLibraryA, GetModuleHandleW, InitializeCriticalSectionAndSpinCount, SetLastError, RaiseException, RtlUnwind, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, IsDebuggerPresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsProcessorFeaturePresent, LCMapStringEx, DecodePointer, EncodePointer, InitializeCriticalSectionEx, GetStringTypeW |
USER32.dll | MessageBoxW |
SHELL32.dll | ShellExecuteW |
ADVAPI32.dll | RegOpenKeyExW, RegGetValueW, DeregisterEventSource, RegisterEventSourceW, ReportEventW, RegCloseKey |
api-ms-win-crt-runtime-l1-1-0.dll | _crt_atexit, _invalid_parameter_noinfo_noreturn, __p___argc, __p___wargv, _exit, exit, _initterm_e, _errno, _initterm, _get_initial_wide_environment, _c_exit, _configure_wide_argv, _controlfp_s, _set_app_type, _register_onexit_function, _register_thread_local_exe_atexit_callback, _initialize_onexit_table, abort, _cexit, _initialize_wide_environment, terminate, _seh_filter_exe |
api-ms-win-crt-stdio-l1-1-0.dll | _set_fmode, __stdio_common_vsprintf_s, setvbuf, __stdio_common_vswprintf, __acrt_iob_func, fputwc, __p__commode, fputws, __stdio_common_vsnwprintf_s, _wfsopen, fflush, __stdio_common_vfwprintf |
api-ms-win-crt-heap-l1-1-0.dll | _callnewh, _set_new_mode, free, malloc, calloc |
api-ms-win-crt-string-l1-1-0.dll | wcsnlen, strcpy_s, _wcsdup, strcspn, wcsncmp, toupper |
api-ms-win-crt-convert-l1-1-0.dll | wcstoul, _wtoi |
api-ms-win-crt-locale-l1-1-0.dll | __pctype_func, _unlock_locales, _lock_locales, ___lc_locale_name_func, ___lc_codepage_func, ___mb_cur_max_func, _configthreadlocale, setlocale, localeconv |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr, frexp |
api-ms-win-crt-time-l1-1-0.dll | _gmtime64_s, wcsftime, _time64 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 1, 2024 15:47:02.615628004 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.615653992 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.615662098 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.615704060 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.621867895 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.628217936 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.628238916 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.628262997 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.628272057 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.628309965 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.634423018 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.640680075 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.640726089 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.640733957 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.647020102 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.647062063 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.647069931 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.653318882 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.653362989 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.653371096 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.659467936 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.659517050 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.659524918 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.674096107 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.674148083 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.674156904 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.677174091 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.677217007 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.677225113 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.683237076 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.683279037 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.683286905 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.688945055 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.689006090 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.689014912 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.698942900 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.699011087 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.699018002 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.700179100 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.700242043 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.700247049 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.708189011 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.708220959 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.708262920 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.708271027 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.708313942 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.712152958 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.716155052 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.716206074 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.716244936 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.716253996 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.716298103 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.720155001 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.724147081 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.724211931 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.724219084 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.728173018 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.728229046 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.728235960 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.731970072 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.732034922 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.732043028 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.734266043 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.734318018 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.734328985 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.738711119 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.738754988 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.738765001 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.742940903 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.742995977 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.743005991 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.747236013 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.747298956 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.747311115 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.751353025 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.751408100 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.751420021 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.755299091 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.755351067 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.755363941 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.759222984 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.759284019 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.759293079 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.763071060 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.763137102 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.763147116 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.766716957 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.766769886 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.766781092 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.770382881 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.770436049 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.770447969 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.775834084 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.775876999 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.775877953 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.775890112 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.775929928 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.779508114 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.781805038 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.781843901 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.781876087 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.781887054 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.781929016 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.784092903 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.786375046 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.786411047 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.786418915 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.786432981 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.786473036 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.788696051 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.790909052 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.790940046 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.790955067 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.790966988 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.791004896 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.793167114 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.795494080 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.795526981 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.795537949 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.795548916 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.795587063 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.797687054 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.799882889 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.799910069 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.799927950 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.799936056 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.799969912 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.802135944 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.804513931 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.804558992 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.804569006 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.805529118 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.805560112 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.805573940 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.805582047 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.805620909 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.805629015 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.805712938 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:02.805757046 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.939783096 CEST | 49739 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:02.939848900 CEST | 443 | 49739 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:06.234628916 CEST | 49749 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:06.234663010 CEST | 443 | 49749 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:06.234720945 CEST | 49749 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:06.235040903 CEST | 49749 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:06.235064030 CEST | 443 | 49749 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:06.429635048 CEST | 443 | 49749 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:06.429877996 CEST | 49749 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:06.429894924 CEST | 443 | 49749 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:06.430221081 CEST | 443 | 49749 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:06.430497885 CEST | 49749 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:06.430561066 CEST | 443 | 49749 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:06.547780991 CEST | 49749 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:08.343822002 CEST | 49750 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.343868971 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.343954086 CEST | 49750 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.352900028 CEST | 49750 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.352912903 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.549704075 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.549798012 CEST | 49750 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.553047895 CEST | 49750 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.553055048 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.553265095 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.587033033 CEST | 49750 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.632114887 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.770838022 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.770890951 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.770939112 CEST | 49750 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.771018982 CEST | 49750 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.771033049 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.771053076 CEST | 49750 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.771058083 CEST | 443 | 49750 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.812597990 CEST | 49751 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.812630892 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:08.812690973 CEST | 49751 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.812920094 CEST | 49751 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:08.812931061 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:09.028734922 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:09.028810978 CEST | 49751 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:09.030199051 CEST | 49751 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:09.030210018 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:09.030463934 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:09.031804085 CEST | 49751 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:09.076119900 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:09.238280058 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:09.238356113 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:09.238399982 CEST | 49751 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:09.239190102 CEST | 49751 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:09.239209890 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:09.239223003 CEST | 49751 | 443 | 192.168.2.4 | 23.209.58.93 |
May 1, 2024 15:47:09.239228010 CEST | 443 | 49751 | 23.209.58.93 | 192.168.2.4 |
May 1, 2024 15:47:14.882184029 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:14.882203102 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:14.882261992 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:14.883127928 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:14.883140087 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.192086935 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.192178965 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.195040941 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.195053101 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.195393085 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.239653111 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.561985970 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.608113050 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763243914 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763262033 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763267994 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763278008 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763309956 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763345003 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.763380051 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763396025 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.763607979 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.763662100 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763715982 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.763721943 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763735056 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.763784885 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.991794109 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.991821051 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:15.991832018 CEST | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:15.991837978 CEST | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:16.443156004 CEST | 443 | 49749 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:16.443217993 CEST | 443 | 49749 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:16.443300009 CEST | 49749 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:17.770047903 CEST | 49749 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:47:17.770067930 CEST | 443 | 49749 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:47:40.427052021 CEST | 49732 | 80 | 192.168.2.4 | 23.53.35.105 |
May 1, 2024 15:47:40.427107096 CEST | 49727 | 80 | 192.168.2.4 | 23.53.35.103 |
May 1, 2024 15:47:40.427148104 CEST | 49726 | 80 | 192.168.2.4 | 23.53.35.111 |
May 1, 2024 15:47:40.427187920 CEST | 49725 | 80 | 192.168.2.4 | 23.53.35.104 |
May 1, 2024 15:47:40.521204948 CEST | 80 | 49726 | 23.53.35.111 | 192.168.2.4 |
May 1, 2024 15:47:40.521218061 CEST | 80 | 49727 | 23.53.35.103 | 192.168.2.4 |
May 1, 2024 15:47:40.521279097 CEST | 49726 | 80 | 192.168.2.4 | 23.53.35.111 |
May 1, 2024 15:47:40.521296024 CEST | 49727 | 80 | 192.168.2.4 | 23.53.35.103 |
May 1, 2024 15:47:40.521528006 CEST | 80 | 49725 | 23.53.35.104 | 192.168.2.4 |
May 1, 2024 15:47:40.521572113 CEST | 49725 | 80 | 192.168.2.4 | 23.53.35.104 |
May 1, 2024 15:47:40.521769047 CEST | 80 | 49732 | 23.53.35.105 | 192.168.2.4 |
May 1, 2024 15:47:40.521810055 CEST | 49732 | 80 | 192.168.2.4 | 23.53.35.105 |
May 1, 2024 15:47:55.461898088 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:55.461925983 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:55.461977959 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:55.462344885 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:55.462357044 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:55.768177032 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:55.768292904 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:55.775103092 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:55.775108099 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:55.775348902 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:55.787718058 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:55.832117081 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:56.065115929 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:56.065135956 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:56.065154076 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:56.065205097 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:56.065242052 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:56.065270901 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:56.065294981 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:56.065325022 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:56.065342903 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:56.065373898 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:56.072117090 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:56.072132111 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:47:56.072173119 CEST | 49758 | 443 | 192.168.2.4 | 20.12.23.50 |
May 1, 2024 15:47:56.072177887 CEST | 443 | 49758 | 20.12.23.50 | 192.168.2.4 |
May 1, 2024 15:48:06.287913084 CEST | 49760 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:48:06.287940979 CEST | 443 | 49760 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:48:06.288033009 CEST | 49760 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:48:06.288229942 CEST | 49760 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:48:06.288242102 CEST | 443 | 49760 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:48:06.799230099 CEST | 443 | 49760 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:48:06.799506903 CEST | 49760 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:48:06.799541950 CEST | 443 | 49760 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:48:06.799864054 CEST | 443 | 49760 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:48:06.800157070 CEST | 49760 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:48:06.800225973 CEST | 443 | 49760 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:48:06.849004984 CEST | 49760 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:48:09.896316051 CEST | 49723 | 80 | 192.168.2.4 | 23.199.71.185 |
May 1, 2024 15:48:09.896400928 CEST | 49724 | 80 | 192.168.2.4 | 72.21.81.240 |
May 1, 2024 15:48:09.990397930 CEST | 80 | 49724 | 72.21.81.240 | 192.168.2.4 |
May 1, 2024 15:48:09.990510941 CEST | 49724 | 80 | 192.168.2.4 | 72.21.81.240 |
May 1, 2024 15:48:09.990557909 CEST | 80 | 49723 | 23.199.71.185 | 192.168.2.4 |
May 1, 2024 15:48:09.990616083 CEST | 49723 | 80 | 192.168.2.4 | 23.199.71.185 |
May 1, 2024 15:48:16.797683001 CEST | 443 | 49760 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:48:16.797746897 CEST | 443 | 49760 | 64.233.180.99 | 192.168.2.4 |
May 1, 2024 15:48:16.797792912 CEST | 49760 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:48:18.734056950 CEST | 49760 | 443 | 192.168.2.4 | 64.233.180.99 |
May 1, 2024 15:48:18.734082937 CEST | 443 | 49760 | 64.233.180.99 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 1, 2024 15:47:01.694837093 CEST | 53 | 63187 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:47:01.897485018 CEST | 54288 | 53 | 192.168.2.4 | 1.1.1.1 |
May 1, 2024 15:47:01.897897005 CEST | 61870 | 53 | 192.168.2.4 | 1.1.1.1 |
May 1, 2024 15:47:01.905474901 CEST | 53 | 52654 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:47:01.994194031 CEST | 53 | 61870 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:47:01.995353937 CEST | 53 | 54288 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:47:02.617317915 CEST | 53 | 65109 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:47:04.772463083 CEST | 53 | 56971 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:47:05.512001991 CEST | 55291 | 53 | 192.168.2.4 | 1.1.1.1 |
May 1, 2024 15:47:05.512125015 CEST | 49698 | 53 | 192.168.2.4 | 1.1.1.1 |
May 1, 2024 15:47:05.607254982 CEST | 53 | 49698 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:47:05.607537031 CEST | 53 | 55291 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:47:21.583406925 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
May 1, 2024 15:47:24.540198088 CEST | 53 | 60900 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:47:43.696841955 CEST | 53 | 60224 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:48:01.590617895 CEST | 53 | 60476 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:48:07.241719961 CEST | 53 | 58458 | 1.1.1.1 | 192.168.2.4 |
May 1, 2024 15:48:29.211852074 CEST | 53 | 59592 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 1, 2024 15:47:01.897485018 CEST | 192.168.2.4 | 1.1.1.1 | 0xe605 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:01.897897005 CEST | 192.168.2.4 | 1.1.1.1 | 0xc272 | Standard query (0) | | HTTPS (type 65) | IN (0x0001) | false |
May 1, 2024 15:47:05.512001991 CEST | 192.168.2.4 | 1.1.1.1 | 0xc80d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:05.512125015 CEST | 192.168.2.4 | 1.1.1.1 | 0x47b6 | Standard query (0) | | HTTPS (type 65) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 1, 2024 15:47:01.994194031 CEST | 1.1.1.1 | 192.168.2.4 | 0xc272 | No error (0) | | | | HTTPS (type 65) | IN (0x0001) | false |
May 1, 2024 15:47:01.995353937 CEST | 1.1.1.1 | 192.168.2.4 | 0xe605 | No error (0) | | | 64.233.180.99 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:01.995353937 CEST | 1.1.1.1 | 192.168.2.4 | 0xe605 | No error (0) | | | 64.233.180.106 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:01.995353937 CEST | 1.1.1.1 | 192.168.2.4 | 0xe605 | No error (0) | | | 64.233.180.103 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:01.995353937 CEST | 1.1.1.1 | 192.168.2.4 | 0xe605 | No error (0) | | | 64.233.180.147 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:01.995353937 CEST | 1.1.1.1 | 192.168.2.4 | 0xe605 | No error (0) | | | 64.233.180.104 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:01.995353937 CEST | 1.1.1.1 | 192.168.2.4 | 0xe605 | No error (0) | | | 64.233.180.105 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:05.607254982 CEST | 1.1.1.1 | 192.168.2.4 | 0x47b6 | No error (0) | | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
May 1, 2024 15:47:05.607537031 CEST | 1.1.1.1 | 192.168.2.4 | 0xc80d | No error (0) | | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
May 1, 2024 15:47:05.607537031 CEST | 1.1.1.1 | 192.168.2.4 | 0xc80d | No error (0) | | | 142.251.16.100 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:05.607537031 CEST | 1.1.1.1 | 192.168.2.4 | 0xc80d | No error (0) | | | 142.251.16.138 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:05.607537031 CEST | 1.1.1.1 | 192.168.2.4 | 0xc80d | No error (0) | | | 142.251.16.113 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:05.607537031 CEST | 1.1.1.1 | 192.168.2.4 | 0xc80d | No error (0) | | | 142.251.16.139 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:05.607537031 CEST | 1.1.1.1 | 192.168.2.4 | 0xc80d | No error (0) | | | 142.251.16.101 | A (IP address) | IN (0x0001) | false |
May 1, 2024 15:47:05.607537031 CEST | 1.1.1.1 | 192.168.2.4 | 0xc80d | No error (0) | | | 142.251.16.102 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49735 | 64.233.180.99 | 443 | 7588 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 13:47:02 UTC | 615 | OUT | |
2024-05-01 13:47:02 UTC | 1703 | IN | |
2024-05-01 13:47:02 UTC | 798 | IN | |
2024-05-01 13:47:02 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49738 | 64.233.180.99 | 443 | 7588 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 13:47:02 UTC | 353 | OUT | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49739 | 64.233.180.99 | 443 | 7588 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 13:47:02 UTC | 518 | OUT | |
2024-05-01 13:47:02 UTC | 1479 | IN | |
2024-05-01 13:47:02 UTC | 1479 | IN | |
2024-05-01 13:47:02 UTC | 1479 | IN | |
2024-05-01 13:47:02 UTC | 1479 | IN | |
2024-05-01 13:47:02 UTC | 1479 | IN | |
2024-05-01 13:47:02 UTC | 821 | IN | |
2024-05-01 13:47:02 UTC | 413 | IN | |
2024-05-01 13:47:02 UTC | 1255 | IN | |
2024-05-01 13:47:02 UTC | 1255 | IN | |
2024-05-01 13:47:02 UTC | 1255 | IN | |
2024-05-01 13:47:02 UTC | 1255 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49740 | 64.233.180.99 | 443 | 7588 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 13:47:02 UTC | 353 | OUT | |
2024-05-01 13:47:02 UTC | 1434 | IN | |
2024-05-01 13:47:02 UTC | 35 | IN | |
2024-05-01 13:47:02 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49750 | 23.209.58.93 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 13:47:08 UTC | 161 | OUT | |
2024-05-01 13:47:08 UTC | 467 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49751 | 23.209.58.93 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 13:47:09 UTC | 239 | OUT | |
2024-05-01 13:47:09 UTC | 774 | IN | |
2024-05-01 13:47:09 UTC | 55 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49752 | 20.12.23.50 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 13:47:15 UTC | 306 | OUT | |
2024-05-01 13:47:15 UTC | 560 | IN | |
2024-05-01 13:47:15 UTC | 15824 | IN | |
2024-05-01 13:47:15 UTC | 8666 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49758 | 20.12.23.50 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-01 13:47:55 UTC | 306 | OUT | |
2024-05-01 13:47:56 UTC | 560 | IN | |
2024-05-01 13:47:56 UTC | 15824 | IN | |
2024-05-01 13:47:56 UTC | 9633 | IN | |
Target ID: | 0 |
Start time: | 15:46:55 |
Start date: | 01/05/2024 |
Path: | C:\Users\user\Desktop\BCb8yQ0fg8.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x6d0000 |
File size: | 944'280 bytes |
MD5 hash: | 807675A50EE7545E02DAEAC9822842B7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:46:55 |
Start date: | 01/05/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:46:55 |
Start date: | 01/05/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 15:47:00 |
Start date: | 01/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 15:47:00 |
Start date: | 01/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 7 |
Start time: | 15:47:17 |
Start date: | 01/05/2024 |
Path: | C:\Windows\SysWOW64\explorer.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x180000 |
File size: | 4'514'184 bytes |
MD5 hash: | DD6597597673F72E10C9DE7901FBA0A8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | moderate |
Has exited: | true |
Execution Graph
Execution Coverage: | 6.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 9.3% |
Total number of Nodes: | 1308 |
Total number of Limit Nodes: | 18 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
006DAB99 | 5.4 | 2 | 1 | 134 | memory, COMMON | -1.00% |
006D4A13 | 5.4 | 1 | 2 | 123 | native, COMMON | -1.00% |
006D42F3 | 4.6 | 3 | | 79 | file, COMMON | -1.00% |
006D5CA0 | 3.1 | 2 | | 74 | memory, COMMON | -1.00% |
006D49B3 | 3.0 | 1 | 1 | 23 | memory, COMMON | -1.00% |
006D3F23 | 1.5 | 1 | | 25 | library, COMMON | -1.00% |
006D28B0 | 39.2 | 5 | 17 | 705 | window, COMMON | -1.00% |
006DD060 | 6.3 | 4 | | 334 | file, COMMON | -1.00% |
006E0937 | 6.1 | 4 | | 73 | COMMON | -1.00% |
006DD4F0 | 1.8 | 1 | | 303 | COMMON | -1.00% |
006E0620 | 1.6 | 1 | | 147 | COMMON | -1.00% |
006D8AC0 | 1.6 | | 1 | 364 | COMMON | -1.00% |
006E0A99 | 1.5 | 1 | | 3 | COMMON | -1.00% |
006D85D0 | 0.3 | | | 266 | COMMON | -1.00% |
006DAB19 | 0.0 | | | 47 | COMMON | -1.00% |
006D50E3 | 0.0 | | | 9 | COMMON | -1.00% |
006DC740 | 33.6 | 12 | 7 | 316 | registry, COMMON | -1.00% |
006E2008 | 17.8 | 6 | 4 | 303 | COMMON, LIBRARYCODE | -1.00% |
006D2340 | 15.9 | 4 | 5 | 147 | registry, COMMON | -1.00% |
006DBAE0 | 15.9 | 5 | 4 | 146 | library, COMMON | -1.00% |
006DB250 | 12.2 | 8 | | 243 | COMMON | -1.00% |
006D1BB0 | 12.1 | 8 | | 67 | COMMON | -1.00% |
006E0330 | 12.1 | 8 | | 61 | COMMON | -1.00% |
006DE410 | 10.5 | 7 | | 41 | COMMON | -1.00% |
006E2DF7 | 8.8 | 4 | 1 | 27 | library, COMMON, LIBRARYCODE | -1.00% |
006E23AD | 7.1 | 2 | 2 | 112 | COMMON, LIBRARYCODE | -1.00% |
006DFE0C | 6.0 | 4 | | 46 | COMMON | -1.00% |
006D22E0 | 6.0 | 4 | | 35 | COMMON | -1.00% |
006D1140 | 5.3 | 1 | 2 | 14 | libraryloader, COMMON | -1.00% |