Windows
Analysis Report
KsJBQmWmRc.exe
Overview
General Information
Sample name: | KsJBQmWmRc.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
Original sample name: | 472232ca821b5c2ef562ab07f53638bc2cc82eae84cea13fbe674d6022b6481c |
Analysis ID: | 1360781 |
MD5: | d9ec6f3a3b2ac7cd5eef07bd86e3efbc |
SHA1: | e1908caab6f938404af85a7df0f80f877a4d9ee6 |
SHA256: | 472232ca821b5c2ef562ab07f53638bc2cc82eae84cea13fbe674d6022b6481c |
Infos: | |
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | true |
Confidence: | 100% |
Signatures
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to enumerate running services
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Creates or modifies windows services
Detected potential crypto function
Found evaded block containing many API calls
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Classification
- System is w10x64
- KsJBQmWmRc.exe (PID: 7684 cmdline: C:\Users\user\Desktop\KsJBQmWmRc.exe MD5: D9EC6F3A3B2AC7CD5EEF07BD86E3EFBC)
  - conhost.exe (PID: 7692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- chrome.exe (PID: 7892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://nssm.cc/ MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  - chrome.exe (PID: 8104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1984,i,3565637498364066981,7971420518312829886,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
There are no malicious signatures.
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 12 Service Execution | 23 Windows Service | 23 Windows Service | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Abuse Accessibility Features | Acquire Infrastructure | Gather Victim Identity Information |
Default Accounts | 3 Native API | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 2 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | SIM Card Swap | Obtain Device Cloud Backups | Network Denial of Service | Domains | Credentials |
Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Non-Application Layer Protocol | Data Encrypted for Impact | DNS Server | Email Addresses | ||
Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Traffic Duplication | 5 Application Layer Protocol | Data Destruction | Virtual Private Server | Employee Names | ||
Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 System Service Discovery | SSH | Keylogging | Scheduled Transfer | Fallback Channels | Data Encrypted for Impact | Server | Gather Victim Network Information | ||
Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 12 System Information Discovery | VNC | GUI Input Capture | Data Transfer Size Limits | Multiband Communication | Service Stop | Botnet | Domain Properties |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
accounts.google.com | 172.217.3.77 | true | false | high | |
www.google.com | 142.251.35.228 | true | false | high | |
clients.l.google.com | 172.217.2.206 | true | false | high | |
nssm.cc | 104.156.51.181 | true | false | high | |
clients1.google.com | unknown | unknown | false | high | |
clients2.google.com | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.217.174 | unknown | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.251.35.228 | www.google.com | United States | 15169 | GOOGLEUS | false |
172.217.2.206 | clients.l.google.com | United States | 15169 | GOOGLEUS | false |
172.217.3.77 | accounts.google.com | United States | 15169 | GOOGLEUS | false |
104.156.51.181 | nssm.cc | United States | 29802 | HVC-ASUS | false |
IP |
---|
192.168.2.9 |
Joe Sandbox version: | 38.0.0 Ammolite |
Analysis ID: | 1360781 |
Start date and time: | 2023-12-12 21:49:16 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | KsJBQmWmRc.exe (renamed file extension from none to exe, renamed because original name is a hash value) |
Original Sample Name: | 472232ca821b5c2ef562ab07f53638bc2cc82eae84cea13fbe674d6022b6481c |
Detection: | CLEAN |
Classification: | clean10.winEXE@16/13@12/7 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 72.21.81.240, 142.250.64.195, 34.104.35.123, 192.229.211.108, 142.250.189.131
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed, report is missing behavior information
- VT rate limit hit for: KsJBQmWmRc.exe
⊘No simulations
⊘No context
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.969885952267805 |
Encrypted: | false |
SSDEEP: | 48:85dnTcSHridAKZdA1P4ehwiZUklqehky+3:8b4OOjy |
MD5: | 27BBD151CD7FBAC28F9DC3E743DF080E |
SHA1: | 65E2F519A669D5F11EAC0932AF0074CFD9656A21 |
SHA-256: | 08311F2E9A97D9A8C4E9F78336AE351D27DD751835B5B7B9E0CB3FB355094F93 |
SHA-512: | 01BC26446BEE689414430712B4E0111B43F69A7AFE4B52A5A051ED1A67BC156B91A36E4E37BE5A4EA54B25A9E070203EA990769E597C8B5D94CB5CBB7E324328 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 3.9880464193668432 |
Encrypted: | false |
SSDEEP: | 48:8NdnTcSHridAKZdA1+4eh/iZUkAQkqehTy+2:8n4PF9Q6y |
MD5: | 81909584305C00239A44F78B6FB40EAB |
SHA1: | 6A600EC34761DBCFE388E90F3D6A901DD097CEFD |
SHA-256: | C2CB748E0BB29B85CBD33F26D3C331BFCC5F8A3E5A9FD035090BC21DF565042C |
SHA-512: | 932003B58E53F361B2706F9D32827296A2C5AE7B65ABD8D27AFB1B48AA38532A9E902D1251E444C57C3EC9FD408CEF0A6FCF9F8370ABBFCE16E5DD882A515C1E |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 3.996724323885426 |
Encrypted: | false |
SSDEEP: | 48:8FdnTcVHridAKZdA1404eh7sFiZUkmgqeh7sZy+BX:8f4zInvy |
MD5: | 0A6C481F3BACFAE25BBB0169ABF33202 |
SHA1: | 1350E89FCD2F119A9377B2809401BA73EA44C2D3 |
SHA-256: | 3DF4415E6284DE94F6A734DBE80F9EBF6414C455D78EBE9F352E92FDD2D9D277 |
SHA-512: | 632141B8C5ED072A632B1DB0B8AD16951AED678AA72F05952E4F61DEFFEF2398D21A435CF5783B473908E64DB027DF61CD6067666A2BCCECD258F9F0F23A82F2 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9861366779364626 |
Encrypted: | false |
SSDEEP: | 48:8/tdnTcSHridAKZdA1p4ehDiZUkwqehXy+R:8v445hy |
MD5: | 42468E1CF8674734FA482EBC722FC384 |
SHA1: | 544F10450550E2CE09CF206129B5D9E2FD9DED74 |
SHA-256: | 8187F0827E2A56A1DB7DFB65F6666326EDB3702BC9F00484B3B1729B175C1D35 |
SHA-512: | BE5C2F52693C0EE97B627E4F0AA0255DD2EA9E2DB5A0C84DE1E5309CE2F97F85377AC08E18508D158422210D58E381A0C7798D63F7D5325E47F435F6D0854FDF |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9750757596501956 |
Encrypted: | false |
SSDEEP: | 48:8PdnTcSHridAKZdA1X4ehBiZUk1W1qehVy+C:814Wb91y |
MD5: | F4FB327FCD9820411AFA5B4022718A95 |
SHA1: | 52D14EBD9F71E5738699694F51919CD4454C7C1B |
SHA-256: | 111487F10E3FE3D6312E884122B1C798DB19E336085B6BF85B6CE3FCD8881DE8 |
SHA-512: | 9F6630D2B8252B77A854F5DA1A6141A3373B267F290AFEDD090DD45683B671712B1D3095CD21CEB15C7ECCE2CC51E62A3AA57F43E992783F1BC6DABC881219D7 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9843256430096403 |
Encrypted: | false |
SSDEEP: | 48:8EdnTcSHridAKZdA1duTc4ehOuTbbiZUk5OjqehOuTbvy+yT+:8s4LTcJTbxWOvTbvy7T |
MD5: | C3502062A8B1E34E4A2670B8E8518E6D |
SHA1: | 7DBB3100933058DAB22E762CEC0B3BC78983A67E |
SHA-256: | 980C1DA465AA1A555F2682BCCD472EBB9FF3C6F6A83ECF73D348355CAE3486D7 |
SHA-512: | A292A794CACA8123A95080ABFCCB8B11F2C0A93C20D33C43A2B5D84066464B223F7F6EB5DA6124B22CA504C024E8885FE68FA6F489C90EA648CF33DE163BB8EB |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7837 |
Entropy (8bit): | 7.939178431094295 |
Encrypted: | false |
SSDEEP: | 192:Z6PlMKjn6MosEtOrShhiHCYCOh/GCgvPvE3HSeD+/4OT:Z6PxjnqtOyhiHCYCOhuCuvE3HSeDPOT |
MD5: | 4A596563F96E2E47151C17F589CAC1AD |
SHA1: | DBBAE4D2FFE69C58614D7F35673F866C357F00C7 |
SHA-256: | BC9288A2FBD9FD6F690B644420B3D30D9D5AE80FD9AB7DFD54B0605CB1506552 |
SHA-512: | 86A5076362D2774B28D4290B6E7B5578C8A8AB25524A9D0B4DA6BCE830FC1889BDD0B4331219D4702A530B6C8077B7444FE61AB6F8BD59E252C2121F4A374B17 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 78446 |
Entropy (8bit): | 1.8613615146926084 |
Encrypted: | false |
SSDEEP: | 384:Klg3s5KEZCWSDmxbjZOLEY8F7FLk+JKWT1IDc+Cput2tttxWH:Kp55CWSDmxbjmSFLk+B1IDc+Cpntt2 |
MD5: | 85EE34CFB95AB45F2F0E664F8C3D753D |
SHA1: | 0E08DF440D57150CBB73F8D8397CA086F3EF3EC9 |
SHA-256: | 1742250D10600A52EE5E2A23BAE1F86BE83D83F85F36B537FA97AA69718ABF5B |
SHA-512: | E905937E8DF7F91D9E191736E179C42FC33416E4A827293B8E7BC49DCA4F579FC062794326E85A07D63CB3C641564F14DCA964D20FFA77D6FB0A1C08C4268A6E |
Malicious: | false |
URL: | http://nssm.cc/favicon.ico |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 7837 |
Entropy (8bit): | 7.939178431094295 |
Encrypted: | false |
SSDEEP: | 192:Z6PlMKjn6MosEtOrShhiHCYCOh/GCgvPvE3HSeD+/4OT:Z6PxjnqtOyhiHCYCOhuCuvE3HSeDPOT |
MD5: | 4A596563F96E2E47151C17F589CAC1AD |
SHA1: | DBBAE4D2FFE69C58614D7F35673F866C357F00C7 |
SHA-256: | BC9288A2FBD9FD6F690B644420B3D30D9D5AE80FD9AB7DFD54B0605CB1506552 |
SHA-512: | 86A5076362D2774B28D4290B6E7B5578C8A8AB25524A9D0B4DA6BCE830FC1889BDD0B4331219D4702A530B6C8077B7444FE61AB6F8BD59E252C2121F4A374B17 |
Malicious: | false |
URL: | http://nssm.cc/images/logo.jpg |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 216 |
Entropy (8bit): | 5.159182531677209 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3eKabCezocKqD:J0+oxBeRmR9etdzRxLez1T |
MD5: | A3098923B5E12D5A37829EFAF9A9A475 |
SHA1: | FAB97D8B98E101750323E0129B318CBC88C37AA5 |
SHA-256: | BED2C23E979983B532477E2B29EE95F98C5A867D17B00B1FB760C90A0588DE41 |
SHA-512: | 4876F7C7767AF2EF1BBE7CF16508F54EAE3EABC9CEB0F53A0BF0357796F8B859EFAD8776E095F957A1AC3F036CA68C86B126852DD9BDB87BC7A6FC982C7FCC6C |
Malicious: | false |
URL: | http://nssm.cc/images/sidebar.jpg |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1395 |
Entropy (8bit): | 4.9148331258756475 |
Encrypted: | false |
SSDEEP: | 24:wOaNDhklovAqIe6L7fQrJDA5k2ftFq8+AvvtAvvCOAvvgOAvvuAvvV8hPAvvLHiF:wOYDhk+vX96L7fIJDA5ketcFAvvtAvvO |
MD5: | 6F3596C011538F55DC590C5EF250C5FF |
SHA1: | A358294A4529995016CB8148C6746AF451D46BBA |
SHA-256: | E33DBAC6E396B275D2FE963AB2E6B2CF1429F2000A0A348ECB0819178CA3A4A6 |
SHA-512: | 933A73F909A3395C7ADBD0A250D9B154B6B839A7637240FA872D834E4FD7403AA0AE5DCC9798B37DC55FD781E1FB7CEFE4A3C8B67CC8BFA0CC8D9F44FD4556AA |
Malicious: | false |
URL: | http://nssm.cc/style.css |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78446 |
Entropy (8bit): | 1.8613615146926084 |
Encrypted: | false |
SSDEEP: | 384:Klg3s5KEZCWSDmxbjZOLEY8F7FLk+JKWT1IDc+Cput2tttxWH:Kp55CWSDmxbjmSFLk+B1IDc+Cpntt2 |
MD5: | 85EE34CFB95AB45F2F0E664F8C3D753D |
SHA1: | 0E08DF440D57150CBB73F8D8397CA086F3EF3EC9 |
SHA-256: | 1742250D10600A52EE5E2A23BAE1F86BE83D83F85F36B537FA97AA69718ABF5B |
SHA-512: | E905937E8DF7F91D9E191736E179C42FC33416E4A827293B8E7BC49DCA4F579FC062794326E85A07D63CB3C641564F14DCA964D20FFA77D6FB0A1C08C4268A6E |
Malicious: | false |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2074 |
Entropy (8bit): | 4.947443458632238 |
Encrypted: | false |
SSDEEP: | 48:Jp3KkDkdKvmHjQLOY/79KMIRM+3nvO3z1hGQ7M3:xodKyyOu5y6yujk |
MD5: | 7C80579E91FCEB576181144C98EDD626 |
SHA1: | 8D091F740CCC5C884FADA52D91290D91BC6D6513 |
SHA-256: | 8CECEA5175AE550282C1D25644AE5D6E69D7A7AF39D8C864BB8D4806781E44DD |
SHA-512: | 9EC83649CA78511202DFBF3682E3D803EBA5BA9D32B6230A9B8287FB5F36787C11D633F3447F137B46063F9EF1B040DBC1944A9EF7899F3AEB92DEDEA3B67052 |
Malicious: | false |
URL: | http://nssm.cc/ |
File type: | |
Entropy (8bit): | 5.548858855357459 |
File name: | KsJBQmWmRc.exe |
File size: | 294'912 bytes |
MD5: | d9ec6f3a3b2ac7cd5eef07bd86e3efbc |
SHA1: | e1908caab6f938404af85a7df0f80f877a4d9ee6 |
SHA256: | 472232ca821b5c2ef562ab07f53638bc2cc82eae84cea13fbe674d6022b6481c |
SHA512: | 1b6b8702dca3cb90fe64c4e48f2477045900c5e71dd96b84f673478bab1089febfa186bfc55aebd721ca73db1669145280ebb4e1862d3b9dc21f712cd76a07c4 |
SSDEEP: | 6144:4BULviqYnI3QA7JTXRnZSHL2GZbkG/TZgLgst2rDkXNBD:wqBlG/TZgUsxXNBD |
TLSH: | 6954605263ED8A61F5F73F71683946210F36BCA19E3CC14E5390992E2CB1AA4DC747A3 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........6.Y.W...W...W....1..W....'..W.......W...W..<W.... ..W....0..W....5..W..Rich.W..................PE..L....@.T................... |
Icon Hash: | f575ea6a75343932 |
Entrypoint: | 0x413e53 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x54034094 [Sun Aug 31 15:34:44 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 18e3eac3e047c2416ca9a716d742272f |
Instruction |
---|
call 00007F82C0E74529h |
jmp 00007F82C0E6F6EAh |
push 00000054h |
push 00420310h |
call 00007F82C0E72454h |
xor edi, edi |
mov dword ptr [ebp-04h], edi |
lea eax, dword ptr [ebp-64h] |
push eax |
call dword ptr [0041D27Ch] |
mov dword ptr [ebp-04h], FFFFFFFEh |
push 00000040h |
push 00000020h |
pop esi |
push esi |
call 00007F82C0E6FAB1h |
pop ecx |
pop ecx |
cmp eax, edi |
je 00007F82C0E6FA5Ah |
mov dword ptr [00423FA0h], eax |
mov dword ptr [00423F98h], esi |
lea ecx, dword ptr [eax+00000800h] |
jmp 00007F82C0E6F872h |
mov byte ptr [eax+04h], 00000000h |
or dword ptr [eax], FFFFFFFFh |
mov byte ptr [eax+05h], 0000000Ah |
mov dword ptr [eax+08h], edi |
mov byte ptr [eax+24h], 00000000h |
mov byte ptr [eax+25h], 0000000Ah |
mov byte ptr [eax+26h], 0000000Ah |
mov dword ptr [eax+38h], edi |
mov byte ptr [eax+34h], 00000000h |
add eax, 40h |
mov ecx, dword ptr [00423FA0h] |
add ecx, 00000800h |
cmp eax, ecx |
jc 00007F82C0E6F80Eh |
cmp word ptr [ebp-32h], di |
je 00007F82C0E6F950h |
mov eax, dword ptr [ebp-30h] |
cmp eax, edi |
je 00007F82C0E6F945h |
mov edi, dword ptr [eax] |
lea ebx, dword ptr [eax+04h] |
lea eax, dword ptr [ebx+edi] |
mov dword ptr [ebp-1Ch], eax |
mov esi, 00000800h |
cmp edi, esi |
jl 00007F82C0E6F844h |
mov edi, esi |
mov dword ptr [ebp-20h], 00000001h |
jmp 00007F82C0E6F89Dh |
push 00000040h |
push 00000020h |
call 00007F82C0E6FA23h |
pop ecx |
pop ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20664 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x26000 | 0x25f1c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x201e8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1d000 | 0x348 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1bc13 | 0x1be00 | False | 0.49595361547085204 | data | 6.45383075565656 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x1d000 | 0x49d2 | 0x4a00 | False | 0.3324535472972973 | data | 5.000804282504563 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x22000 | 0x30c4 | 0x1400 | False | 0.2283203125 | data | 2.4567709393695543 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x26000 | 0x25f1c | 0x26000 | False | 0.28105725740131576 | data | 4.313688247655514 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x26790 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States | 0.41134751773049644 |
RT_ICON | 0x26bf8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States | 0.11679174484052533 |
RT_ICON | 0x27ca0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States | 0.2225103734439834 |
RT_ICON | 0x2a248 | 0x422a | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9853583658046995 |
RT_DIALOG | 0x2e474 | 0x14a | data | English | United States | 0.603030303030303 |
RT_DIALOG | 0x2e5c0 | 0x16c | data | French | France | 0.5906593406593407 |
RT_DIALOG | 0x2e72c | 0x160 | data | Italian | Italy | 0.5795454545454546 |
RT_DIALOG | 0x2e88c | 0xe6 | data | English | United States | 0.6521739130434783 |
RT_DIALOG | 0x2e974 | 0x106 | data | French | France | 0.648854961832061 |
RT_DIALOG | 0x2ea7c | 0xf6 | data | Italian | Italy | 0.6300813008130082 |
RT_DIALOG | 0x2eb74 | 0x13e | data | English | United States | 0.6163522012578616 |
RT_DIALOG | 0x2ecb4 | 0x158 | data | French | France | 0.6162790697674418 |
RT_DIALOG | 0x2ee0c | 0x158 | data | Italian | Italy | 0.5959302325581395 |
RT_DIALOG | 0x2ef64 | 0x18e | data | English | United States | 0.542713567839196 |
RT_DIALOG | 0x2f0f4 | 0x192 | data | French | France | 0.5597014925373134 |
RT_DIALOG | 0x2f288 | 0x192 | data | Italian | Italy | 0.5597014925373134 |
RT_DIALOG | 0x2f41c | 0x14e | data | English | United States | 0.5838323353293413 |
RT_DIALOG | 0x2f56c | 0x15a | data | French | France | 0.5751445086705202 |
RT_DIALOG | 0x2f6c8 | 0x162 | data | Italian | Italy | 0.5621468926553672 |
RT_DIALOG | 0x2f82c | 0x1ee | data | English | United States | 0.5465587044534413 |
RT_DIALOG | 0x2fa1c | 0x216 | data | French | France | 0.5411985018726592 |
RT_DIALOG | 0x2fc34 | 0x1ea | data | Italian | Italy | 0.5224489795918368 |
RT_DIALOG | 0x2fe20 | 0x1d0 | data | | | 0.47844827586206895 |
RT_DIALOG | 0x2fff0 | 0x208 | data | French | France | 0.4634615384615385 |
RT_DIALOG | 0x301f8 | 0x1d4 | data | Italian | Italy | 0.4807692307692308 |
RT_DIALOG | 0x303cc | 0x2b8 | data | | | 0.4482758620689655 |
RT_DIALOG | 0x30684 | 0x34a | data | French | France | 0.41330166270783847 |
RT_DIALOG | 0x309d0 | 0x2cc | data | Italian | Italy | 0.4581005586592179 |
RT_DIALOG | 0x30c9c | 0x2ae | data | | | 0.48833819241982507 |
RT_DIALOG | 0x30f4c | 0x2fe | data | French | France | 0.47127937336814624 |
RT_DIALOG | 0x3124c | 0x2be | data | Italian | Italy | 0.45014245014245013 |
RT_DIALOG | 0x3150c | 0x2ac | data | | | 0.4473684210526316 |
RT_DIALOG | 0x317b8 | 0x2dc | data | French | France | 0.4344262295081967 |
RT_DIALOG | 0x31a94 | 0x2ba | data | Italian | Italy | 0.4484240687679083 |
RT_DIALOG | 0x31d50 | 0x110 | data | | | 0.6544117647058824 |
RT_DIALOG | 0x31e60 | 0x13a | data | French | France | 0.6242038216560509 |
RT_DIALOG | 0x31f9c | 0x126 | data | Italian | Italy | 0.6394557823129252 |
RT_DIALOG | 0x320c4 | 0xaa | data | English | United States | 0.7588235294117647 |
RT_DIALOG | 0x32170 | 0xa2 | data | French | France | 0.7530864197530864 |
RT_DIALOG | 0x32214 | 0xba | data | Italian | Italy | 0.7150537634408602 |
RT_DIALOG | 0x322d0 | 0x182 | data | English | United States | 0.5673575129533679 |
RT_DIALOG | 0x32454 | 0x196 | data | French | France | 0.5615763546798029 |
RT_DIALOG | 0x325ec | 0x196 | data | Italian | Italy | 0.5517241379310345 |
RT_DIALOG | 0x32784 | 0xda | data | English | United States | 0.7018348623853211 |
RT_DIALOG | 0x32860 | 0xce | data | French | France | 0.7135922330097088 |
RT_DIALOG | 0x32930 | 0xe2 | data | Italian | Italy | 0.6769911504424779 |
RT_MESSAGETABLE | 0x32a14 | 0x7840 | data | English | United States | 0.1979274948024948 |
RT_MESSAGETABLE | 0x3a254 | 0x9138 | data | French | France | 0.1919786959328599 |
RT_MESSAGETABLE | 0x4338c | 0x8758 | data | Italian | Italy | 0.18953474948048948 |
RT_GROUP_ICON | 0x4bae4 | 0x3e | data | English | United States | 0.7903225806451613 |
RT_VERSION | 0x4bb24 | 0x29c | data | English | United States | 0.5404191616766467 |
RT_MANIFEST | 0x4bdc0 | 0x15a | ASCII text, with CRLF line terminators | English | United States | 0.5491329479768786 |
DLL | Import |
---|---|
SHLWAPI.dll | PathUnquoteSpacesW, PathFindExtensionW |
KERNEL32.dll | CreateThread, SetHandleInformation, CreatePipe, DuplicateHandle, GetCommandLineW, TlsAlloc, GetProcessTimes, OpenProcess, Thread32Next, Thread32First, CreateToolhelp32Snapshot, GenerateConsoleCtrlEvent, SetConsoleCtrlHandler, GetExitCodeProcess, Process32NextW, Process32FirstW, SetCurrentDirectoryW, GetCurrentDirectoryW, GetWindowsDirectoryW, DeleteCriticalSection, UnregisterWait, WaitForSingleObject, LeaveCriticalSection, SetWaitableTimer, EnterCriticalSection, ResumeThread, SetProcessAffinityMask, RegisterWaitForSingleObject, GetSystemTimeAsFileTime, CreateWaitableTimerW, InitializeCriticalSection, ReadFile, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, HeapSize, RtlUnwind, GetLocaleInfoA, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, FlushFileBuffers, GetConsoleMode, GetConsoleCP, WideCharToMultiByte, VirtualAlloc, HeapReAlloc, GetTickCount, QueryPerformanceCounter, VirtualFree, SetLastError, HeapCreate, SetStdHandle, InitializeCriticalSectionAndSpinCount, LoadLibraryA, GetFileInformationByHandle, Sleep, SystemTimeToFileTime, CloseHandle, CompareFileTime, FileTimeToSystemTime, MoveFileW, GetSystemTime, CreateFileW, SetFilePointer, SetEndOfFile, WriteFile, FreeLibrary, GetProcAddress, LoadLibraryW, GetCurrentProcess, GetProcessAffinityMask, FindResourceExW, LoadResource, GetModuleHandleW, LocalFree, TlsGetValue, LocalAlloc, TlsSetValue, GetUserDefaultLangID, FormatMessageW, GetModuleFileNameW, CreateProcessW, TerminateProcess, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, AllocConsole, SetConsoleTitleW, GetStdHandle, FillConsoleOutputAttribute, FillConsoleOutputCharacterW, GetConsoleWindow, GetCurrentProcessId, FreeConsole, GetProcessHeap, HeapAlloc, GetComputerNameW, HeapFree, GetLastError, GetCurrentThreadId, TlsFree, IsValidCodePage, MultiByteToWideChar, ExitProcess, SetHandleCount, GetFileType, GetStartupInfoA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, GetModuleFileNameA |
USER32.dll | EnumWindows, PostThreadMessageW, PostMessageW, LoadImageW, SetWindowLongW, GetMessageW, IsDialogMessageW, TranslateMessage, DispatchMessageW, DestroyWindow, PostQuitMessage, ShowWindow, SetFocus, GetWindowLongW, CheckRadioButton, SetWindowPos, SetDlgItemInt, SetDlgItemTextW, SendMessageW, GetDlgItemTextW, GetDlgItem, EnableWindow, GetDlgItemInt, SendDlgItemMessageW, GetWindowRect, GetDesktopWindow, MoveWindow, CreateDialogIndirectParamW, MessageBoxW, MessageBoxIndirectW, GetSystemMenu, EnableMenuItem, GetWindowThreadProcessId, GetSystemMetrics |
COMDLG32.dll | GetOpenFileNameW |
ADVAPI32.dll | CreateServiceW, StartServiceW, ControlService, SetServiceStatus, DeleteService, QueryServiceConfig2W, ChangeServiceConfig2W, ChangeServiceConfigW, QueryServiceConfigW, OpenServiceW, GetServiceKeyNameW, EnumServicesStatusW, OpenSCManagerW, QueryServiceStatus, RegDeleteKeyW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, StartServiceCtrlDispatcherW, AllocateAndInitializeSid, CheckTokenMembership, RegDeleteValueW, IsTextUnicode, RegisterEventSourceW, ReportEventW, DeregisterEventSource, GetServiceDisplayNameW, CloseServiceHandle, LsaEnumerateAccountRights, LsaAddAccountRights, FreeSid, LsaLookupSids, LsaClose, LsaLookupNames, LsaFreeMemory, IsValidSid, GetSidSubAuthorityCount, GetSidLengthRequired, GetSidIdentifierAuthority, InitializeSid, GetSidSubAuthority, LsaOpenPolicy, LsaNtStatusToWinError, RegisterServiceCtrlHandlerExW |
SHELL32.dll | ShellExecuteExW |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
French | France |
Italian | Italy |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 12, 2023 21:50:48.638174057 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638211012 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638214111 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.638236046 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638274908 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.638290882 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638303995 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638317108 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638329029 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638336897 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.638365984 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638367891 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.638377905 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638390064 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638401985 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638452053 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.638457060 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638469934 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.638536930 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.769428015 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.769478083 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.769516945 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.769548893 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.769690990 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.769742012 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.769750118 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.769824028 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.769865036 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.769937038 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.770231962 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.770276070 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.770307064 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.770518064 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.770562887 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.770576954 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.770647049 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.770690918 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.770740032 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.771064043 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.771151066 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.771162033 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.771507978 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.771555901 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.771636963 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.771734953 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.771780014 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.771817923 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.771909952 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.771955013 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.772147894 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.772248983 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.772291899 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.772324085 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.772505045 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.772547007 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.772675037 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.772780895 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.772824049 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.772999048 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.773184061 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.773232937 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.773330927 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.773370028 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.773405075 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.773468018 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.773513079 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.773561954 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.777970076 CET | 49719 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.778109074 CET | 49723 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.856352091 CET | 80 | 49723 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.856532097 CET | 49723 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.856693029 CET | 49723 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.856992960 CET | 49724 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.857045889 CET | 49724 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.857527018 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.908606052 CET | 80 | 49719 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.909090996 CET | 80 | 49723 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.987752914 CET | 80 | 49723 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.987792015 CET | 80 | 49723 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.988111019 CET | 80 | 49724 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.988183022 CET | 80 | 49724 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.989073992 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:48.989166975 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:48.989331961 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.124691963 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124716043 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124737978 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124789000 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.124857903 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124872923 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124885082 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124897003 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124905109 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.124910116 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124923944 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124923944 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.124939919 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.124953032 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.124979019 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.255556107 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.255599976 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.255641937 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.255671978 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.255681038 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.255721092 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.255731106 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.255760908 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.255816936 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.255868912 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.255907059 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.255945921 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.255955935 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.255985022 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256026030 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256031990 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.256068945 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256107092 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256112099 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.256145000 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256182909 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256185055 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.256221056 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256257057 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256266117 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.256297112 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256335974 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256346941 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.256376028 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.256414890 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.387360096 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387406111 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387458086 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387494087 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387522936 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.387558937 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.387651920 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387706041 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387746096 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387754917 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.387785912 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387824059 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387831926 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.387866974 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387914896 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.387917042 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387957096 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.387994051 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388005018 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388031960 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388070107 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388079882 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388108015 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388149023 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388156891 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388185978 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388223886 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388232946 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388263941 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388300896 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388309002 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388341904 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388379097 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388389111 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388417959 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388454914 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388459921 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388494968 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388533115 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388540983 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388570070 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388624907 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388632059 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388662100 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388699055 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388712883 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:50:49.388755083 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:50:49.388799906 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:51:00.646866083 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:00.646908998 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:00.646991968 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:00.647702932 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:00.647720098 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.188986063 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.189140081 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.191267014 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.191282034 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.191773891 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.193113089 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.240741968 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.688467979 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.688503027 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.688522100 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.688595057 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.688615084 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.688662052 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.688853025 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.688895941 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.688916922 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.688927889 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.688956976 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.688962936 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.688997984 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.692615986 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.692634106 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:01.692651033 CET | 49726 | 443 | 192.168.2.9 | 52.165.165.26 |
Dec 12, 2023 21:51:01.692657948 CET | 443 | 49726 | 52.165.165.26 | 192.168.2.9 |
Dec 12, 2023 21:51:08.770472050 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:51:08.770710945 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:51:09.389178038 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:51:09.389349937 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:51:09.862941980 CET | 49725 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:51:09.863038063 CET | 49709 | 80 | 192.168.2.9 | 104.156.51.181 |
Dec 12, 2023 21:51:09.993869066 CET | 80 | 49725 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:51:09.994195938 CET | 80 | 49709 | 104.156.51.181 | 192.168.2.9 |
Dec 12, 2023 21:51:12.031456947 CET | 49728 | 443 | 192.168.2.9 | 142.251.35.228 |
Dec 12, 2023 21:51:12.031482935 CET | 443 | 49728 | 142.251.35.228 | 192.168.2.9 |
Dec 12, 2023 21:51:12.031574011 CET | 49728 | 443 | 192.168.2.9 | 142.251.35.228 |
Dec 12, 2023 21:51:12.031786919 CET | 49728 | 443 | 192.168.2.9 | 142.251.35.228 |
Dec 12, 2023 21:51:12.031796932 CET | 443 | 49728 | 142.251.35.228 | 192.168.2.9 |
Dec 12, 2023 21:51:12.318422079 CET | 443 | 49728 | 142.251.35.228 | 192.168.2.9 |
Dec 12, 2023 21:51:12.318805933 CET | 49728 | 443 | 192.168.2.9 | 142.251.35.228 |
Dec 12, 2023 21:51:12.318871975 CET | 443 | 49728 | 142.251.35.228 | 192.168.2.9 |
Dec 12, 2023 21:51:12.319264889 CET | 443 | 49728 | 142.251.35.228 | 192.168.2.9 |
Dec 12, 2023 21:51:12.319597960 CET | 49728 | 443 | 192.168.2.9 | 142.251.35.228 |
Dec 12, 2023 21:51:12.319684029 CET | 443 | 49728 | 142.251.35.228 | 192.168.2.9 |
Dec 12, 2023 21:51:12.374129057 CET | 49728 | 443 | 192.168.2.9 | 142.251.35.228 |
Dec 12, 2023 21:51:22.323431969 CET | 443 | 49728 | 142.251.35.228 | 192.168.2.9 |
Dec 12, 2023 21:51:22.323509932 CET | 443 | 49728 | 142.251.35.228 | 192.168.2.9 |
Dec 12, 2023 21:51:22.323776960 CET | 49728 | 443 | 192.168.2.9 | 142.251.35.228 |
Dec 12, 2023 21:51:23.859791040 CET | 49728 | 443 | 192.168.2.9 | 142.251.35.228 |
Dec 12, 2023 21:51:23.859846115 CET | 443 | 49728 | 142.251.35.228 | 192.168.2.9 |
Dec 12, 2023 21:51:37.117139101 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.117172956 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.117234945 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.117712975 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.117726088 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.396923065 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.397236109 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.397257090 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.397659063 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.397739887 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.398396969 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.398453951 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.399558067 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.399625063 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.399715900 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.399723053 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.452630997 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.663573980 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.663707018 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |
Dec 12, 2023 21:51:37.663892031 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.664566994 CET | 49729 | 443 | 192.168.2.9 | 142.250.217.174 |
Dec 12, 2023 21:51:37.664582014 CET | 443 | 49729 | 142.250.217.174 | 192.168.2.9 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Dec 12, 2023 21:50:07.621325970 CET | 192.168.2.9 | 1.1.1.1 | 0xe349 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:50:07.621495008 CET | 192.168.2.9 | 1.1.1.1 | 0x2ea | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 12, 2023 21:50:07.637573004 CET | 192.168.2.9 | 1.1.1.1 | 0xe8f6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:50:07.637741089 CET | 192.168.2.9 | 1.1.1.1 | 0x6179 | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 12, 2023 21:50:07.638087034 CET | 192.168.2.9 | 1.1.1.1 | 0xb118 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:50:07.638240099 CET | 192.168.2.9 | 1.1.1.1 | 0x78a4 | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 12, 2023 21:50:11.970232010 CET | 192.168.2.9 | 1.1.1.1 | 0x7cf6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:50:11.970618010 CET | 192.168.2.9 | 1.1.1.1 | 0x4452 | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 12, 2023 21:50:28.426070929 CET | 192.168.2.9 | 1.1.1.1 | 0x51b6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:50:28.426451921 CET | 192.168.2.9 | 1.1.1.1 | 0x900d | Standard query (0) | | 65 | IN (0x0001) | false |
Dec 12, 2023 21:51:36.990071058 CET | 192.168.2.9 | 1.1.1.1 | 0xe3f3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:51:36.991229057 CET | 192.168.2.9 | 1.1.1.1 | 0xcb53 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Dec 12, 2023 21:50:07.766494989 CET | 1.1.1.1 | 192.168.2.9 | 0xb118 | No error (0) | | | 172.217.3.77 | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:50:07.766618967 CET | 1.1.1.1 | 192.168.2.9 | 0xe8f6 | No error (0) | | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 12, 2023 21:50:07.766618967 CET | 1.1.1.1 | 192.168.2.9 | 0xe8f6 | No error (0) | | | 172.217.2.206 | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:50:07.767776012 CET | 1.1.1.1 | 192.168.2.9 | 0x6179 | No error (0) | | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 12, 2023 21:50:07.781657934 CET | 1.1.1.1 | 192.168.2.9 | 0xe349 | No error (0) | | | 104.156.51.181 | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:50:12.095704079 CET | 1.1.1.1 | 192.168.2.9 | 0x4452 | No error (0) | | | | 65 | IN (0x0001) | false |
Dec 12, 2023 21:50:12.095810890 CET | 1.1.1.1 | 192.168.2.9 | 0x7cf6 | No error (0) | | | 142.251.35.228 | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:50:28.586548090 CET | 1.1.1.1 | 192.168.2.9 | 0x51b6 | No error (0) | | | 104.156.51.181 | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:51:37.115798950 CET | 1.1.1.1 | 192.168.2.9 | 0xe3f3 | No error (0) | | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Dec 12, 2023 21:51:37.115798950 CET | 1.1.1.1 | 192.168.2.9 | 0xe3f3 | No error (0) | | | 142.250.217.174 | A (IP address) | IN (0x0001) | false |
Dec 12, 2023 21:51:37.116547108 CET | 1.1.1.1 | 192.168.2.9 | 0xcb53 | No error (0) | | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.9 | 49709 | 104.156.51.181 | 80 | 8104 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Dec 12, 2023 21:50:07.916565895 CET | 422 | OUT | |
Dec 12, 2023 21:50:18.065191031 CET | 1286 | IN | |