Windows
Analysis Report
https://sales.sganalytics.com/trc2/0274a04c069a33bf9e4112d6a6155855786181d03f72d767796c3ab031c2e4c23679b040607e58b2
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2352,i,4671588504332305712,13636946270834276244,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://sales.sganalytics.com/trc2/0274a04c069a33bf9e4112d6a6155855786181d03f72d767796c3ab031c2e4c23679b040607e58b2" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
www.google.com | 173.194.219.104 | true | false | high | |
us1-cx.outplayhq.com | 35.82.218.25 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown | |
sales.sganalytics.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
44.233.6.157 | unknown | United States | 16509 | AMAZON-02US | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
173.194.219.104 | www.google.com | United States | 15169 | GOOGLEUS | false |
35.82.218.25 | us1-cx.outplayhq.com | United States | 237 | MERIT-AS-14US | false |
IP |
---|
192.168.2.4 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428879 |
Start date and time: | 2024-04-19 19:06:25 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://sales.sganalytics.com/trc2/0274a04c069a33bf9e4112d6a6155855786181d03f72d767796c3ab031c2e4c23679b040607e58b2 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@16/9@6/6 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 173.194.219.94, 172.217.215.113, 172.217.215.100, 172.217.215.101, 172.217.215.102, 172.217.215.139, 172.217.215.138, 74.125.136.84, 34.104.35.123, 40.127.169.103, 23.40.205.32, 23.40.205.26, 23.40.205.16, 23.40.205.34, 23.40.205.43, 23.40.205.18, 23.40.205.49, 23.40.205.17, 23.40.205.66, 23.40.205.73, 192.229.211.108, 20.3.187.198, 64.233.185.94, 199.232.214.172
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://sales.sganalytics.com/trc2/0274a04c069a33bf9e4112d6a6155855786181d03f72d767796c3ab031c2e4c23679b040607e58b2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.991189734644556 |
Encrypted: | false |
SSDEEP: | 48:8ZRdUTYsYH2idAKZdA19ehwiZUklqehAy+3:8ZgfN/y |
MD5: | 21CB1B54888A3D8716E017385DA48272 |
SHA1: | 7F179E4CC1E989077D7ED7615EDFAF27607097E5 |
SHA-256: | E7F82E314C3F6E9A88BFC7F60CEC7F607A33D405BF827C87B28E9C3E0E5FB3DD |
SHA-512: | 5B015EAD6CDA43C9894675342ED01ACE025F262E081F97F07A606643807E2AD87595681C823103F9BFEA4C14E87BE1137C31B914AEFA3EBD481A1BA4CF785DD9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.00430593664778 |
Encrypted: | false |
SSDEEP: | 48:8YdUTYsYH2idAKZdA1weh/iZUkAQkqehvy+2:8nfn9QKy |
MD5: | 7597810EF41C04F2D0048580142F904B |
SHA1: | C5665F70773DE7F03F754F219DBCF00DC14FCB4C |
SHA-256: | 8F683DD194DFD343CAB93708195C1453E97FB501A2D0A413FAEF95E695D1B1DB |
SHA-512: | 92F6F34A5A9449DDA8110038916097E06858AEC8DCFFD6E3FC5F0FC4375DABE16C4DAF15F2DBA2021BA2C108AF3B5FCED858FC87A030676E31348E154349B121 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.01397051596128 |
Encrypted: | false |
SSDEEP: | 48:8xNdUTYssH2idAKZdA14tseh7sFiZUkmgqeh7spy+BX:8xUfLnLy |
MD5: | FF07EEFB35661D0E199EC615E50CC8E0 |
SHA1: | B171FA97754B0A04CB7043004BE590B39D92630E |
SHA-256: | B48B832019FC6EE69A54D17196B3A8EBE258D6C1D0FCEB084A59C2642F4D4555 |
SHA-512: | 16865AFE4F87496D547E1351AF70C1707AB1283A0F61DC0075618A6069B96CEE995B4A4EEEF28F211DBE309C0E60F1440A1862A653CF1ADE235B486C632C7833 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 4.004669683826471 |
Encrypted: | false |
SSDEEP: | 48:8H8RdUTYsYH2idAKZdA1vehDiZUkwqehzy+R:8HHfExy |
MD5: | 019028AA22D5BE1119A77A1508AF0E21 |
SHA1: | 52D57B9296227A240CCBAFE5BD524AE3CCFE3502 |
SHA-256: | 52B0946ED1B26FF5363F20969FD50DBA6188EB93F99930DDCB908B5599B813CA |
SHA-512: | B4E33CEA1A1932F73030745C3E6E214E3640DF45D6ECA76657BBB627D39EA783E842B97C7645B9C86DF346E4BECFD240FB010561E393308AD741122069D25488 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.99169782792546 |
Encrypted: | false |
SSDEEP: | 48:8TdUTYsYH2idAKZdA1hehBiZUk1W1qehVy+C:8CfE91y |
MD5: | AFED7EAABC99A45042297D4B918A662D |
SHA1: | 5658C98A09792CBE75BE55190EDB3BD4F2843993 |
SHA-256: | 7A592D593118C66306B7473C42F1B1C75A5F03636DAE21337B173AA256105ABC |
SHA-512: | DF02FD845E23567ED1C46F24AA4556A29C747F769E30350B9AD1D28D907AB5A5763D8D0C52F6737CB6D4770172C085D5DA045824294345A3F6CF1B2CF7ABBF2D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 4.0053392289711205 |
Encrypted: | false |
SSDEEP: | 48:8adUTYsYH2idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbLy+yT+:8hfqT/TbxWOvTbLy7T |
MD5: | 5FE290F713559F08FEC376EA1B469957 |
SHA1: | 7B2894C8D63611A80445E8FDBCF3E9F94FA4A9A0 |
SHA-256: | F8949C983F13C3B79175F6B078F50A14C338A3027FFE0025BB5CEDEBD97BA07F |
SHA-512: | E3CAA2340628DEE21298EAEFDA835410851C74E6C8EE5C54E4A2A5648661282B466AD73BE84D74937773B69ABBA43A0527662078312A1926DD527D579FBEDF01 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5430 |
Entropy (8bit): | 5.292542388562385 |
Encrypted: | false |
SSDEEP: | 96:cr+NYnzNJKil6fxxRJxfCoIfCOmcdCRfbNgFsLT+joiM4S:GnKEKxxLI0bcslyFsedMx |
MD5: | 9200225B96881264E6481C77D69C622C |
SHA1: | 27608D84E28F926B740038252240F715EEB9D2BD |
SHA-256: | 26DC5FF4BFB9213291735808465E156D4A4691135F3815E3613761243E1F69C3 |
SHA-512: | B236B79924C705DCA8B60FE07C886B3AF2DF0BCC13BE6B915063FCDF691775A941DE3EEE5B59068508B55A7A9F5EC07D19792946D9F04B8B0CB95CB73EE10236 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5430 |
Entropy (8bit): | 5.292542388562385 |
Encrypted: | false |
SSDEEP: | 96:cr+NYnzNJKil6fxxRJxfCoIfCOmcdCRfbNgFsLT+joiM4S:GnKEKxxLI0bcslyFsedMx |
MD5: | 9200225B96881264E6481C77D69C622C |
SHA1: | 27608D84E28F926B740038252240F715EEB9D2BD |
SHA-256: | 26DC5FF4BFB9213291735808465E156D4A4691135F3815E3613761243E1F69C3 |
SHA-512: | B236B79924C705DCA8B60FE07C886B3AF2DF0BCC13BE6B915063FCDF691775A941DE3EEE5B59068508B55A7A9F5EC07D19792946D9F04B8B0CB95CB73EE10236 |
Malicious: | false |
Reputation: | low |
URL: | https://sales.sganalytics.com/favicon.ico |
Apr 19, 2024 19:08:27.089251041 CEST | 443 | 49727 | 173.194.219.104 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Apr 19, 2024 19:07:16.698435068 CEST | 192.168.2.5 | 1.1.1.1 | c284 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 19:07:14.449368000 CEST | 192.168.2.5 | 1.1.1.1 | 0xdc1e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:14.449517012 CEST | 192.168.2.5 | 1.1.1.1 | 0x9a0e | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 19, 2024 19:07:16.106029034 CEST | 192.168.2.5 | 1.1.1.1 | 0xc550 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.106462955 CEST | 192.168.2.5 | 1.1.1.1 | 0x8d7b | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 19, 2024 19:07:16.272366047 CEST | 192.168.2.5 | 1.1.1.1 | 0x3686 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.272917032 CEST | 192.168.2.5 | 1.1.1.1 | 0x83e4 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 19:07:15.032963991 CEST | 1.1.1.1 | 192.168.2.5 | 0x9a0e | No error (0) | | sganalytics.us1.outplayr.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:15.032963991 CEST | 1.1.1.1 | 192.168.2.5 | 0x9a0e | No error (0) | | us1-cx.outplayhq.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:15.051974058 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc1e | No error (0) | | sganalytics.us1.outplayr.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:15.051974058 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc1e | No error (0) | | us1-cx.outplayhq.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:15.051974058 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc1e | No error (0) | | | 35.82.218.25 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:15.051974058 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc1e | No error (0) | | | 44.233.6.157 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:15.051974058 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc1e | No error (0) | | | 35.167.48.6 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.376977921 CEST | 1.1.1.1 | 192.168.2.5 | 0x3686 | No error (0) | | | 173.194.219.104 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.376977921 CEST | 1.1.1.1 | 192.168.2.5 | 0x3686 | No error (0) | | | 173.194.219.106 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.376977921 CEST | 1.1.1.1 | 192.168.2.5 | 0x3686 | No error (0) | | | 173.194.219.99 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.376977921 CEST | 1.1.1.1 | 192.168.2.5 | 0x3686 | No error (0) | | | 173.194.219.105 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.376977921 CEST | 1.1.1.1 | 192.168.2.5 | 0x3686 | No error (0) | | | 173.194.219.103 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.376977921 CEST | 1.1.1.1 | 192.168.2.5 | 0x3686 | No error (0) | | | 173.194.219.147 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.377697945 CEST | 1.1.1.1 | 192.168.2.5 | 0x83e4 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 19, 2024 19:07:16.440660954 CEST | 1.1.1.1 | 192.168.2.5 | 0xc550 | No error (0) | | sganalytics.us1.outplayr.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.440660954 CEST | 1.1.1.1 | 192.168.2.5 | 0xc550 | No error (0) | | us1-cx.outplayhq.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.440660954 CEST | 1.1.1.1 | 192.168.2.5 | 0xc550 | No error (0) | | | 44.233.6.157 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.440660954 CEST | 1.1.1.1 | 192.168.2.5 | 0xc550 | No error (0) | | | 35.167.48.6 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.440660954 CEST | 1.1.1.1 | 192.168.2.5 | 0xc550 | No error (0) | | | 35.82.218.25 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.698317051 CEST | 1.1.1.1 | 192.168.2.5 | 0x8d7b | No error (0) | | sganalytics.us1.outplayr.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:16.698317051 CEST | 1.1.1.1 | 192.168.2.5 | 0x8d7b | No error (0) | | us1-cx.outplayhq.com | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:29.156176090 CEST | 1.1.1.1 | 192.168.2.5 | 0x7897 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:29.156176090 CEST | 1.1.1.1 | 192.168.2.5 | 0x7897 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:07:42.492870092 CEST | 1.1.1.1 | 192.168.2.5 | 0x3f8f | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:07:42.492870092 CEST | 1.1.1.1 | 192.168.2.5 | 0x3f8f | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:08:05.094746113 CEST | 1.1.1.1 | 192.168.2.5 | 0xa607 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:08:05.094746113 CEST | 1.1.1.1 | 192.168.2.5 | 0xa607 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:08:24.577888966 CEST | 1.1.1.1 | 192.168.2.5 | 0x84b8 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 19:08:24.577888966 CEST | 1.1.1.1 | 192.168.2.5 | 0x84b8 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:08:30.149144888 CEST | 1.1.1.1 | 192.168.2.5 | 0x6e9a | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 19:08:30.149144888 CEST | 1.1.1.1 | 192.168.2.5 | 0x6e9a | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49711 | 35.82.218.25 | 443 | 5740 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:07:15 UTC | 749 | OUT | |
2024-04-19 17:07:15 UTC | 502 | IN | |
2024-04-19 17:07:15 UTC | 74 | IN | |
2024-04-19 17:07:15 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49712 | 35.82.218.25 | 443 | 5740 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:07:15 UTC | 683 | OUT | |
2024-04-19 17:07:16 UTC | 723 | IN | |
2024-04-19 17:07:16 UTC | 3392 | IN | |
2024-04-19 17:07:16 UTC | 2038 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49714 | 44.233.6.157 | 443 | 5740 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:07:16 UTC | 356 | OUT | |
2024-04-19 17:07:17 UTC | 723 | IN | |
2024-04-19 17:07:17 UTC | 3392 | IN | |
2024-04-19 17:07:17 UTC | 2038 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49715 | 184.24.36.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:07:17 UTC | 161 | OUT | |
2024-04-19 17:07:17 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49716 | 184.24.36.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:07:17 UTC | 239 | OUT | |
2024-04-19 17:07:18 UTC | 531 | IN | |
2024-04-19 17:07:18 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
5 | 192.168.2.5 | 49722 | 23.1.237.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 17:07:29 UTC | 2148 | OUT | |
2024-04-19 17:07:29 UTC | 1 | OUT | |
2024-04-19 17:07:29 UTC | 2483 | OUT | |
2024-04-19 17:07:30 UTC | 480 | IN |
Target ID: | 0 |
Start time: | 19:07:08 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 19:07:10 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 19:07:13 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |