Windows
Analysis Report
http://rtb.adentifi.com
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6408 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6104 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 --field-trial-handle=2220,i,16242946422565116749,10708845125851023013,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://rtb.adentifi.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Signatures reported:
- HTTPS traffic detected
- TCP traffic detected without corresponding DNS query
- UDP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- Network traffic detected
- Classification label
- File created
- Process created
- LNK file
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
rtb.adentifi.com | 23.22.126.75 | true | false | | unknown |
www.google.com | 142.250.31.105 | true | false | | high |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.31.105 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
54.227.94.79 | unknown | United States | 14618 | AMAZON-AESUS | false |
23.22.126.75 | rtb.adentifi.com | United States | 14618 | AMAZON-AESUS | false |
IP |
---|
192.168.2.8 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417257 |
Start date and time: | 2024-03-28 20:07:47 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://rtb.adentifi.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@16/6@6/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.253.115.94, 142.251.16.101, 142.251.16.139, 142.251.16.100, 142.251.16.102, 142.251.16.138, 142.251.16.113, 142.251.111.84, 34.104.35.123, 52.165.165.26, 192.229.211.108, 52.165.164.15, 13.85.23.206, 142.251.16.94
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://rtb.adentifi.com
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9871794644379768 |
Encrypted: | false |
SSDEEP: | 48:8fa0dlTth8H8idAKZdA1oehwiZUklqehTy+3:8iqHaIy |
MD5: | 8C4201EA5408BD10B2BB5CBA5938FDAA |
SHA1: | 2A3705CA0FDC38F5D126FFB881178E115B7642C1 |
SHA-256: | B39B99FD87B90C7D36B35606CBECCAB7F3FEDCD4CBFA91DA4B828E61CD541E44 |
SHA-512: | 49818B3FE1744554C4A6FAFED0BB68FB590A36DD729F81619FC313946643BDDE24DD17EF1E9891D66D7FA4538761952C5056D75BD243D504A9D028DE697C5111 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.000009396903408 |
Encrypted: | false |
SSDEEP: | 48:8C0dlTth8H8idAKZdA1leh/iZUkAQkqeh4y+2:8CqHw9Q1y |
MD5: | 1D914546270F783D282BCD8D59A930E0 |
SHA1: | A1715378708C200AB697EB6B0138B815BDE082B4 |
SHA-256: | 3CB3E4279BA91688A2F59C0DC4F77D2D6C16BCA6FC640AEE428EA847B4D5ED2B |
SHA-512: | 3F5A031B4A0AFF4A9AE2BE91FC657A34A493F94DEC5C663A3AA85D46E89F79DA2D3750F3F1BC58F43D04C83D3A66F4376B35815A9FAD53D54CE09253DF419877 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.012259865910116 |
Encrypted: | false |
SSDEEP: | 48:840dlTthbH8idAKZdA14t5eh7sFiZUkmgqeh7s6y+BX:84qHVnUy |
MD5: | 66FEDBA290F7CD59D0B419F938748D30 |
SHA1: | 550E7E78C1D51B1B1D5D05B2A42F72BEBCB6AC27 |
SHA-256: | 7F8F69C11506F14F0B6B3FCF990FEB2E96FA74C4A3C15D224A3BC42038C71162 |
SHA-512: | 1737ED250D7D0D8272271BD87088F41E909B9E721015E743F59BC71ED42F30F0D865E05E2E24DE291127A4274D259CF0DAB48BA44919D77BC4DBC436790C88B7 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.996445520689049 |
Encrypted: | false |
SSDEEP: | 48:8W0dlTth8H8idAKZdA16ehDiZUkwqeh8y+R:8WqHrCy |
MD5: | FCFB284BE7F42BF7D5F05B96785748B5 |
SHA1: | 4FBB0EC5C8087A9CA3C55ED77F9E11AD55D4ED1E |
SHA-256: | EDC7D5720306FD082DAD5B9E760C0FCDB2575CECAFDEE49A693FF23C94B3AD50 |
SHA-512: | 4B471B50407091D2E9C830E7E524ECF044C83B4DBD62A0ECA812D48674AD7FA0935FD180CAFE7CB7CC121450C45028484F1C6D52FFCA429157B8D31841F3357A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.989060232119426 |
Encrypted: | false |
SSDEEP: | 48:8M0dlTth8H8idAKZdA1UehBiZUk1W1qehGy+C:8MqHL9my |
MD5: | 54EA4869824CDA62377D9AC05E593F83 |
SHA1: | C7A7EA76EBDFFA7D5BAC8F2D474B4F08E5CE46E4 |
SHA-256: | F1B9EF3B763350315B82E8832EEFA86366A642BAF6070AB9368AB7AB754CF80B |
SHA-512: | 777678A88ABCFB27BADE26D548392D4B4F6F10AD44201263E5194AAD69C72D1E593B2A8524E2C0105631C2BD0F8C2DC6431EBC4B27762DACB54A20513238CA56 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 4.000473246842972 |
Encrypted: | false |
SSDEEP: | 48:810dlTth8H8idAKZdA1duTrehOuTbbiZUk5OjqehOuTbUy+yT+:81qHETYTbxWOvTbUy7T |
MD5: | 4B4E59CF001DF96865B76B2633B4FB7C |
SHA1: | 7D102B9597C06D8079D9E89279D93208110CC2C2 |
SHA-256: | 295D36DD58FD5A8BDB3FB84F87632AF5C11BFC9304F1754E303CD8ED7E266FBA |
SHA-512: | 0E995590C5DBD58AAB6444A8EAC3A699A9F950D53531EA0A1D623F72A8C29CD0E77D9868DD18AC99BC0182935D53B8412201D8860CBA6B6EE39E1B8FD8369EE2 |
Malicious: | false |
Reputation: | low |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 28, 2024 20:08:39.976901054 CET | 192.168.2.8 | 1.1.1.1 | 0xae55 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:39.977001905 CET | 192.168.2.8 | 1.1.1.1 | 0xeb89 | Standard query (0) | | 65 | IN (0x0001) | false |
Mar 28, 2024 20:08:39.990937948 CET | 192.168.2.8 | 1.1.1.1 | 0x8184 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:39.991125107 CET | 192.168.2.8 | 1.1.1.1 | 0x8924 | Standard query (0) | | 65 | IN (0x0001) | false |
Mar 28, 2024 20:08:41.551557064 CET | 192.168.2.8 | 1.1.1.1 | 0xcd6e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:41.551791906 CET | 192.168.2.8 | 1.1.1.1 | 0xe949 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 28, 2024 20:08:40.073295116 CET | 1.1.1.1 | 192.168.2.8 | 0xae55 | No error (0) | | | 23.22.126.75 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.073295116 CET | 1.1.1.1 | 192.168.2.8 | 0xae55 | No error (0) | | | 54.204.233.13 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.073295116 CET | 1.1.1.1 | 192.168.2.8 | 0xae55 | No error (0) | | | 54.227.94.79 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.073295116 CET | 1.1.1.1 | 192.168.2.8 | 0xae55 | No error (0) | | | 3.221.141.3 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.073295116 CET | 1.1.1.1 | 192.168.2.8 | 0xae55 | No error (0) | | | 54.88.74.145 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.073295116 CET | 1.1.1.1 | 192.168.2.8 | 0xae55 | No error (0) | | | 54.236.94.254 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.088915110 CET | 1.1.1.1 | 192.168.2.8 | 0x8184 | No error (0) | | | 54.227.94.79 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.088915110 CET | 1.1.1.1 | 192.168.2.8 | 0x8184 | No error (0) | | | 54.236.94.254 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.088915110 CET | 1.1.1.1 | 192.168.2.8 | 0x8184 | No error (0) | | | 54.88.74.145 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.088915110 CET | 1.1.1.1 | 192.168.2.8 | 0x8184 | No error (0) | | | 54.204.233.13 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.088915110 CET | 1.1.1.1 | 192.168.2.8 | 0x8184 | No error (0) | | | 3.221.141.3 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:40.088915110 CET | 1.1.1.1 | 192.168.2.8 | 0x8184 | No error (0) | | | 23.22.126.75 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:41.646811962 CET | 1.1.1.1 | 192.168.2.8 | 0xcd6e | No error (0) | | | 142.250.31.105 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:41.646811962 CET | 1.1.1.1 | 192.168.2.8 | 0xcd6e | No error (0) | | | 142.250.31.147 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:41.646811962 CET | 1.1.1.1 | 192.168.2.8 | 0xcd6e | No error (0) | | | 142.250.31.104 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:41.646811962 CET | 1.1.1.1 | 192.168.2.8 | 0xcd6e | No error (0) | | | 142.250.31.103 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:41.646811962 CET | 1.1.1.1 | 192.168.2.8 | 0xcd6e | No error (0) | | | 142.250.31.99 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:41.646811962 CET | 1.1.1.1 | 192.168.2.8 | 0xcd6e | No error (0) | | | 142.250.31.106 | A (IP address) | IN (0x0001) | false |
Mar 28, 2024 20:08:41.647677898 CET | 1.1.1.1 | 192.168.2.8 | 0xe949 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 28, 2024 20:08:54.766421080 CET | 1.1.1.1 | 192.168.2.8 | 0x9eb5 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 28, 2024 20:08:54.766421080 CET | 1.1.1.1 | 192.168.2.8 | 0x9eb5 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:09:07.098184109 CET | 1.1.1.1 | 192.168.2.8 | 0x8bdf | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 28, 2024 20:09:07.098184109 CET | 1.1.1.1 | 192.168.2.8 | 0x8bdf | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:09:30.598213911 CET | 1.1.1.1 | 192.168.2.8 | 0x287 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 28, 2024 20:09:30.598213911 CET | 1.1.1.1 | 192.168.2.8 | 0x287 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Mar 28, 2024 20:09:49.833422899 CET | 1.1.1.1 | 192.168.2.8 | 0x551 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 28, 2024 20:09:49.833422899 CET | 1.1.1.1 | 192.168.2.8 | 0x551 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49710 | 23.22.126.75 | 80 | 6104 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:09:25.173645973 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49711 | 23.22.126.75 | 80 | 6104 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 20:09:25.173674107 CET | 6 | OUT |
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Mar 28, 2024 20:08:54.436306000 CET | 23.206.229.226 | 443 | 192.168.2.8 | 49703 | CN=r.bing.com, O=Microsoft Corporation, L=Redmond, ST=WA, C=US CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Oct 18 22:32:40 CEST 2023 Wed Aug 12 02:00:00 CEST 2020 | Fri Jun 28 01:59:59 CEST 2024 Fri Jun 28 01:59:59 CEST 2024 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-5-10-11-13-35-16-23-65281,29-23-24,0 | 28a2c9bd18a11de089ef85a160da29e4 |
CN=Microsoft Azure ECC TLS Issuing CA 05, O=Microsoft Corporation, C=US | CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US | Wed Aug 12 02:00:00 CEST 2020 | Fri Jun 28 01:59:59 CEST 2024 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.8 | 49712 | 54.227.94.79 | 443 | 6104 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 19:08:40 UTC | 659 | OUT | |
2024-03-28 19:08:40 UTC | 128 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.8 | 49716 | 23.196.184.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 19:08:43 UTC | 161 | OUT | |
2024-03-28 19:08:44 UTC | 468 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.8 | 49717 | 23.196.184.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-28 19:08:44 UTC | 239 | OUT | |
2024-03-28 19:08:44 UTC | 531 | IN | |
2024-03-28 19:08:44 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 20:08:33 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 20:08:35 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 20:08:38 |
Start date: | 28/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff678760000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |