Windows
Analysis Report
https://dl.eviware.com/ready-api/3.51.0/ReadyAPI-x64-3.51.0.exe
Overview
General Information
Detection
Score: | 3 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 7044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://dl.eviware.com/ready-api/3.51.0/ReadyAPI-x64-3.51.0.exe MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3992 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1920,i,7618014939835548521,15428063577873194545,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source: | Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): |
There are no malicious signatures.
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Static PE information: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | LNK file: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 11 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dl.eviware.com | 216.137.45.5 | true | false | | unknown |
www.google.com | 64.233.176.105 | true | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
216.137.45.5 | dl.eviware.com | United States | 16509 | AMAZON-02US | false |
64.233.176.105 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428496 |
Start date and time: | 2024-04-19 03:08:00 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://dl.eviware.com/ready-api/3.51.0/ReadyAPI-x64-3.51.0.exe |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean3.win@14/9@4/4 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.253.124.94, 142.250.105.138, 142.250.105.139, 142.250.105.100, 142.250.105.113, 142.250.105.101, 142.250.105.102, 142.251.15.84, 34.104.35.123, 74.125.138.94, 64.233.176.138, 64.233.176.113, 64.233.176.139, 64.233.176.100, 64.233.176.102, 64.233.176.101
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9907996385069353 |
Encrypted: | false |
SSDEEP: | 48:8xdwT0cDHuidAKZdA1FehwiZUklqehwtfy+3:8cPAnfy |
MD5: | F5A2D2ACF6B592D1732C5C11A2B3F3C1 |
SHA1: | EF29C6A571CC302F224A45C8EA520A5A137B7318 |
SHA-256: | 87CADF0AEE60AA76831445EC644A872E5259463C6BD8CD43B9D6187C9F96C0BE |
SHA-512: | C591E2BA51C59261EC5156685CF9E8D0D890C18523EF198745B3DA9B79BAB48093533DDC46D73095265E9E1FD8B5BE52D2CD8B35A849FEFD44E4A6B70DC9ABD5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.007726786535592 |
Encrypted: | false |
SSDEEP: | 48:89dwT0cDHuidAKZdA1seh/iZUkAQkqehFtfy+2:8gPW9QSfy |
MD5: | 14ACAD72AFA84B20EC1037C1BC0A9A8D |
SHA1: | F2B7FB52DCBEDC2732072733F6696D6A08762748 |
SHA-256: | F3D650C86EB83902241E13A47D00BCA62992F096A700F357ACC2920E8DB59A72 |
SHA-512: | 98FE27AAA95F4B62628C7A9C161A77188464679744744AD6D11F63DC972254795BEAC2B71063E1D23A72ABF46E3F9030A19B64E95164A9A7C948903A493F27FA |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.01101898598353 |
Encrypted: | false |
SSDEEP: | 48:8+dwT0cAHuidAKZdA14meh7sFiZUkmgqeh7s7tfy+BX:8RP/nbfy |
MD5: | E027457EF75561B1E1CE5B5F4F041293 |
SHA1: | 133D75638120A864AF6ADDEE55CB446D7988D68C |
SHA-256: | 58AF9329A174D7FC31B2A3D27096091581C296AE826C037CDA01DAB6D2237BD3 |
SHA-512: | 77DB6A972383E6AEBF8AFAEEF988285EAC4A211357883CBB434157E38153DF31BFF321213A321DABBD9917E8DC7074B521554B07D07C4174960D6551289FF417 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.003742794385734 |
Encrypted: | false |
SSDEEP: | 48:8bpdwT0cDHuidAKZdA1TehDiZUkwqehJtfy+R:8bUPNRfy |
MD5: | 9B732F76BE0D816F4D7C5E4318F7F372 |
SHA1: | 6C7264482F036773520006A1AB382B9A64591858 |
SHA-256: | EDDA2492EA817F264EB9ECE616C87282B6647B4363CF013ADDD064FE126A08DD |
SHA-512: | 56DD871B212066F1786FDEEFC0C53CAF10D7C622CC7BA7DB3FDCA5F191432A637BDA767F5C883B7A79E63679333FEB2100A98A45E6DCDB9ADB93BC35935AB9DB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.993098462256021 |
Encrypted: | false |
SSDEEP: | 48:8DdwT0cDHuidAKZdA1dehBiZUk1W1qehHtfy+C:8yPt9tfy |
MD5: | 88EA108B78402F8BFF1FA35329BBBD85 |
SHA1: | C19CB523D2385B3970A957DD8EBDD218FA6046C3 |
SHA-256: | 884C699449FAE78DECC75ED1C03CDE643183E50720D77EC77E529CA1913F8FBF |
SHA-512: | D80AA55FA579084CCF7FB2506FAE9404EB71B8DAC83324F305E24C73702581871ABD937DB611A477B8E76DB544FC76EC0AAAE96EEF7D5A2D309D66EDB3CD33DE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.0039788777679615 |
Encrypted: | false |
SSDEEP: | 48:8AdwT0cDHuidAKZdA1duTeehOuTbbiZUk5OjqehOuTbxtfy+yT+:8vPVTfTbxWOvTbbfy7T |
MD5: | 0EF5935A32C7596D63B5C579BF87FEC3 |
SHA1: | C8C085E21A9EC2537E415983CBD13FFC287F05FE |
SHA-256: | 38D5D062841F3C146EA28E1F4035FA1C1DD3E1B2B18E1A5804D994179C23D8F0 |
SHA-512: | 1FB13B95A721BE90896186D778BD6C85E023AFB39C4750010DF4E798595752D400F2F8902EBE5E653A46FE12729853A788A2971E8250AFC74248E7A4230916D7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15781 |
Entropy (8bit): | 5.88785632054479 |
Encrypted: | false |
SSDEEP: | 384:cC3DnjL020XGqFat36PHVtkIJeLaaw7PT8Rd:cs02gG8aN64Pbw70d |
MD5: | 80DD62954391C9FF877D890FC5BFC00E |
SHA1: | 5656F638A876379AF5342878ED7C7D34B4F21AE2 |
SHA-256: | 48C8A62784B19366BC785A0624D62D08C5654B010281D3F27F85B05176D9B262 |
SHA-512: | E8A7094BF2C4BC23BBACEA232979487DAD321347ECFC6331A66DE5EDE70FC27B570DE93A45B3526FDA933E0FFA1CCE1BE255A2C750078BE016677BC6A8E00BBE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 15781 |
Entropy (8bit): | 5.88785632054479 |
Encrypted: | false |
SSDEEP: | 384:cC3DnjL020XGqFat36PHVtkIJeLaaw7PT8Rd:cs02gG8aN64Pbw70d |
MD5: | 80DD62954391C9FF877D890FC5BFC00E |
SHA1: | 5656F638A876379AF5342878ED7C7D34B4F21AE2 |
SHA-256: | 48C8A62784B19366BC785A0624D62D08C5654B010281D3F27F85B05176D9B262 |
SHA-512: | E8A7094BF2C4BC23BBACEA232979487DAD321347ECFC6331A66DE5EDE70FC27B570DE93A45B3526FDA933E0FFA1CCE1BE255A2C750078BE016677BC6A8E00BBE |
Malicious: | false |
Reputation: | low |
URL: | https://dl.eviware.com/ready-api/3.51.0/ReadyAPI-x64-3.51.0.exe |
Preview: |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 03:08:27.298541069 CEST | 192.168.2.16 | 1.1.1.1 | 0x7872 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 03:08:27.298754930 CEST | 192.168.2.16 | 1.1.1.1 | 0xcf1a | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 19, 2024 03:08:32.108553886 CEST | 192.168.2.16 | 1.1.1.1 | 0x6792 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 03:08:32.108808041 CEST | 192.168.2.16 | 1.1.1.1 | 0x2545 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 03:08:27.405576944 CEST | 1.1.1.1 | 192.168.2.16 | 0x7872 | No error (0) | 216.137.45.5 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:27.405576944 CEST | 1.1.1.1 | 192.168.2.16 | 0x7872 | No error (0) | 216.137.45.70 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:27.405576944 CEST | 1.1.1.1 | 192.168.2.16 | 0x7872 | No error (0) | 216.137.45.99 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:27.405576944 CEST | 1.1.1.1 | 192.168.2.16 | 0x7872 | No error (0) | 216.137.45.92 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:32.213016987 CEST | 1.1.1.1 | 192.168.2.16 | 0x6792 | No error (0) | 64.233.176.105 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:32.213016987 CEST | 1.1.1.1 | 192.168.2.16 | 0x6792 | No error (0) | 64.233.176.147 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:32.213016987 CEST | 1.1.1.1 | 192.168.2.16 | 0x6792 | No error (0) | 64.233.176.99 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:32.213016987 CEST | 1.1.1.1 | 192.168.2.16 | 0x6792 | No error (0) | 64.233.176.106 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:32.213016987 CEST | 1.1.1.1 | 192.168.2.16 | 0x6792 | No error (0) | 64.233.176.104 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:32.213016987 CEST | 1.1.1.1 | 192.168.2.16 | 0x6792 | No error (0) | 64.233.176.103 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 03:08:32.213062048 CEST | 1.1.1.1 | 192.168.2.16 | 0x2545 | No error (0) | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49698 | 216.137.45.5 | 443 | 3992 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 01:08:27 UTC | 697 | OUT | |
2024-04-19 01:08:27 UTC | 603 | IN | |
2024-04-19 01:08:27 UTC | 15781 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49707 | 23.63.157.166 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 01:08:41 UTC | 161 | OUT | |
2024-04-19 01:08:41 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49708 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 01:08:41 UTC | 306 | OUT | |
2024-04-19 01:08:42 UTC | 560 | IN | |
2024-04-19 01:08:42 UTC | 15824 | IN | |
2024-04-19 01:08:42 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49709 | 23.63.157.166 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 01:08:42 UTC | 239 | OUT | |
2024-04-19 01:08:42 UTC | 531 | IN | |
2024-04-19 01:08:42 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.16 | 49710 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 01:09:19 UTC | 306 | OUT | |
2024-04-19 01:09:19 UTC | 560 | IN | |
2024-04-19 01:09:19 UTC | 15824 | IN | |
2024-04-19 01:09:19 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 03:08:25 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 03:08:26 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |