Windows
Analysis Report
http://apps.identrust.com/roots/dstrootcax3.p7c
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2024,i,4607722313752764857,11006120659772102750,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://apps.identrust.com/roots/dstrootcax3.p7c" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- wab.exe (PID: 2296 cmdline: "C:\Program Files\Windows Mail\wab.exe" /certificate "C:\Users\user\Downloads\dstrootcax3.p7c" MD5: DBB30349963DBF34B6A50E6A2C3F3644)
- cleanup
There are no malicious signatures.
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Section loaded: |
Source: | LNK file: |
Source: | File opened: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 172.217.215.104 | true | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.217.215.104 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428597 |
Start date and time: | 2024-04-19 09:41:43 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://apps.identrust.com/roots/dstrootcax3.p7c |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@18/11@2/3 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 64.233.185.94, 64.233.176.101, 64.233.176.138, 64.233.176.102, 64.233.176.139, 64.233.176.100, 64.233.176.113, 142.251.15.84, 34.104.35.123, 96.7.224.66, 96.7.224.9, 72.21.81.240, 23.40.205.34, 192.229.211.108, 74.125.138.94, 64.233.177.101, 64.233.177.138, 64.233.177.102, 64.233.177.100, 64.233.177.113, 64.233.177.139
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, apps.identrust.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9780152300262834 |
Encrypted: | false |
SSDEEP: | 48:8/5doTMMYHDidAKZdA19ehwiZUklqeh0y+3:8/cvsry |
MD5: | D5F6EDF25AB76576122A1E0C6F1E515D |
SHA1: | FA7A161822811ECA212B1904BE739C5567422EB8 |
SHA-256: | FD16D9D3B97E44FD4E40E613D07A196133807D3CADAC01CFA79E6AE490CEB09D |
SHA-512: | 4AF6EB0BE1CF7BCFD3D5C2B989D7C1379FFE4E4FE6A93A09AA68A0CDC2B0760C117C4FE11194508EADAFC6EE173DA908D9FB8DD491054F6803977D0A8F5B979D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9921751895790103 |
Encrypted: | false |
SSDEEP: | 48:8l5doTMMYHDidAKZdA1weh/iZUkAQkqehby+2:8lcve9QKy |
MD5: | 35C4D894FC5441142BA4D89AE21BA3EE |
SHA1: | AAC6B1B3C0316D040702EE17F1908538A7AC8BCE |
SHA-256: | 66D98F63E93C89197E325F854D4D095C83ED86DCF666A115BC98A60946908547 |
SHA-512: | E09D1EB6D4CBF83DF065D715062943FED8EDDCB9607C6933EB579EE860B4AE38F8C6EF5082FDB2F68309F7DA25D6BE011A399456C158ADE213632B6D43D7C7DB |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.007832630698383 |
Encrypted: | false |
SSDEEP: | 48:8x9doTMMsHDidAKZdA14tseh7sFiZUkmgqeh7sBy+BX:8xYvSn/y |
MD5: | AD5DB4AC8DD233E3B1E1293F238128B5 |
SHA1: | 3605208F75AF59894E41BD20BA34E07692A9E673 |
SHA-256: | DEB6B93EE5F595F9D0C1A8C4A5CF2D1CC477841E74C9BF7BA945ABC39D8F27FB |
SHA-512: | 44C63F4C36D934A5817EE09B4EF60A03267A172682643118FB599BAF47A3EB05F309DC1975352B1CF335FEBC7EAADA281F0E6DD90DA5E7F15A62196B41D6CD07 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9899227170382288 |
Encrypted: | false |
SSDEEP: | 48:8T5doTMMYHDidAKZdA1vehDiZUkwqehny+R:8TcvFpy |
MD5: | 4C4D84509B81D6862CDB692776282553 |
SHA1: | 7F922971E795E634F45CB3DF95E0F5CA8E40A28F |
SHA-256: | CA0BA5A7012687E05A7B0D27BFB508B25C46DAD93DEF417479BA9605A3612CAF |
SHA-512: | 0AFAB2B22D5032695A9DFC012CDC6869E287D8C6EB8EA61726D972C791F72806844526C71D4CBFB0C3CB50675CDECA0191188F37220675A6D90C9A657C66CA0C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9839013280508224 |
Encrypted: | false |
SSDEEP: | 48:8Y5doTMMYHDidAKZdA1hehBiZUk1W1qehVy+C:8YcvV91y |
MD5: | 01A5A6006C3C639BC2007CCDE9958125 |
SHA1: | BC2CB4D777325FF8029FF1D8A97B0A53D0E05340 |
SHA-256: | 12678B795B4F1DD5BEEF1E43BF942626996F977A66A1EEBB06821C13DA9EA43D |
SHA-512: | 08A394A0D6F97DCD4C9E45595F68CBA106A42A81FA944B9875AB68A1E00683BF57939232A71BEA3E9A03FE7FF34F50290B200B6309E195678200C50422F9BE78 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9926738572285507 |
Encrypted: | false |
SSDEEP: | 48:8l5doTMMYHDidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb/y+yT+:8lcvpT/TbxWOvTb/y7T |
MD5: | D317E346C87C069AABC380C2F5704952 |
SHA1: | 4EFE28C884C7559F43B58691B7D50EA8AA97AE1F |
SHA-256: | 7D142BA8F4964B8C9004C746D81CBD8647B29FB3DF7669C775A9747515BE8064 |
SHA-512: | D2DB484290F26DF0E45A927536D5BD29C5895F98E15C44B59E63B16AA683DF3867CCFD9FEA4666A26B6634B0F1C42104163D78E91A91A4612FBB735B2717366E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Reputation: | low |
URL: | http://apps.identrust.com/roots/dstrootcax3.p7c |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 09:42:37.237859964 CEST | 53 | 54932 | 1.1.1.1 | 192.168.2.5 |
Apr 19, 2024 09:42:40.027739048 CEST | 61684 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 19, 2024 09:42:40.028067112 CEST | 59977 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 19, 2024 09:42:40.130799055 CEST | 53 | 61684 | 1.1.1.1 | 192.168.2.5 |
Apr 19, 2024 09:42:40.131195068 CEST | 53 | 59977 | 1.1.1.1 | 192.168.2.5 |
Apr 19, 2024 09:42:54.218044996 CEST | 53 | 51438 | 1.1.1.1 | 192.168.2.5 |
Apr 19, 2024 09:43:13.246831894 CEST | 53 | 52984 | 1.1.1.1 | 192.168.2.5 |
Apr 19, 2024 09:43:36.086011887 CEST | 53 | 61407 | 1.1.1.1 | 192.168.2.5 |
Apr 19, 2024 09:43:36.197666883 CEST | 53 | 64212 | 1.1.1.1 | 192.168.2.5 |
Apr 19, 2024 09:44:04.051270008 CEST | 53 | 54011 | 1.1.1.1 | 192.168.2.5 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 09:42:40.027739048 CEST | 192.168.2.5 | 1.1.1.1 | 0x749a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 09:42:40.028067112 CEST | 192.168.2.5 | 1.1.1.1 | 0xa544 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 09:42:40.130799055 CEST | 1.1.1.1 | 192.168.2.5 | 0x749a | No error (0) | | | 172.217.215.104 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 09:42:40.130799055 CEST | 1.1.1.1 | 192.168.2.5 | 0x749a | No error (0) | | | 172.217.215.105 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 09:42:40.130799055 CEST | 1.1.1.1 | 192.168.2.5 | 0x749a | No error (0) | | | 172.217.215.147 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 09:42:40.130799055 CEST | 1.1.1.1 | 192.168.2.5 | 0x749a | No error (0) | | | 172.217.215.99 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 09:42:40.130799055 CEST | 1.1.1.1 | 192.168.2.5 | 0x749a | No error (0) | | | 172.217.215.106 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 09:42:40.130799055 CEST | 1.1.1.1 | 192.168.2.5 | 0x749a | No error (0) | | | 172.217.215.103 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 09:42:40.131195068 CEST | 1.1.1.1 | 192.168.2.5 | 0xa544 | No error (0) | | | | 65 | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49716 | 23.60.84.144 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 07:42:41 UTC | 161 | OUT | |
2024-04-19 07:42:41 UTC | 467 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49717 | 23.60.84.144 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 07:42:41 UTC | 239 | OUT | |
2024-04-19 07:42:41 UTC | 456 | IN | |
2024-04-19 07:42:41 UTC | 55 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49718 | 20.114.59.183 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 07:42:52 UTC | 306 | OUT | |
2024-04-19 07:42:52 UTC | 560 | IN | |
2024-04-19 07:42:52 UTC | 15824 | IN | |
2024-04-19 07:42:52 UTC | 8666 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
3 | 192.168.2.5 | 49722 | 23.1.237.91 | 443 |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 07:42:52 UTC | 2148 | OUT | |
2024-04-19 07:42:52 UTC | 1 | OUT | |
2024-04-19 07:42:52 UTC | 2483 | OUT | |
2024-04-19 07:42:53 UTC | 480 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49725 | 20.114.59.183 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 07:43:29 UTC | 306 | OUT | |
2024-04-19 07:43:30 UTC | 560 | IN | |
2024-04-19 07:43:30 UTC | 15824 | IN | |
2024-04-19 07:43:30 UTC | 9633 | IN | |

Target ID: | 0 |
Start time: | 09:42:31 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 2 |
Start time: | 09:42:34 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 3 |
Start time: | 09:42:37 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |

Target ID: | 7 |
Start time: | 09:43:53 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Windows Mail\wab.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6aec30000 |
File size: | 518'656 bytes |
MD5 hash: | DBB30349963DBF34B6A50E6A2C3F3644 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |