Windows
Analysis Report
https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/index.html?phone=null
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 3736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 3484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 --field-trial-handle=1980,i,15275542100183043275,11099709455081870690,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/index.html?phone=null" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Rule | Description | Author |
---|---|---|
JoeSecurity_TechSupportScam | Yara detected TechSupportScam | Joe Security |
AV Detection |
---|
Source: | SlashNext: |
Phishing |
---|
Source: | File source: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | File source: |
Source: | Classification label: |
Source: | Process created: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | SlashNext | Scareware type: Phishing & Social Engineering |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
ipwho.is | 15.204.213.5 | true | false | unknown | |
code.jquery.com | 151.101.2.137 | true | false | high | |
www.google.com | 142.250.9.104 | true | false | high | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
151.101.2.137 | code.jquery.com | United States | 54113 | FASTLYUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
15.204.213.5 | ipwho.is | United States | 71 | HP-INTERNET-ASUS | false |
142.250.9.104 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428993 |
Start date and time: | 2024-04-20 00:56:29 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/index.html?phone=null |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.phis.win@16/55@8/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.9.94, 64.233.176.113, 64.233.176.101, 64.233.176.102, 64.233.176.139, 64.233.176.138, 64.233.176.100, 142.250.105.84, 34.104.35.123, 20.209.226.68, 52.165.165.26, 199.232.210.172, 20.3.187.198, 192.229.211.108, 13.95.31.18, 40.68.123.157, 64.233.185.94, 13.85.23.86
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/index.html?phone=null
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 17295 |
Entropy (8bit): | 5.439623743073583 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/index.html?phone=null |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 503 |
Entropy (8bit): | 4.806069034061486 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/12jupiter.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18100 |
Entropy (8bit): | 4.8559449937955845 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/12tapa.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 364 |
Entropy (8bit): | 7.161449027375991 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14751 |
Entropy (8bit): | 7.927919850442063 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 321 |
Entropy (8bit): | 5.088689207863436 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/w3.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1389 |
Entropy (8bit): | 5.224877497830799 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/12script.compat.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 187 |
Entropy (8bit): | 6.13774750591943 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1270 |
Entropy (8bit): | 6.670080953747829 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/pcm.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 276 |
Entropy (8bit): | 5.44393413565082 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/bel.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 364 |
Entropy (8bit): | 7.161449027375991 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/set.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 12813 |
Entropy (8bit): | 5.275225965210271 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/asd.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 200832 |
Entropy (8bit): | 7.695958183565904 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/jfbvd737nn.mp3:2f75114b6ce849:0 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 276 |
Entropy (8bit): | 5.44393413565082 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2681 |
Entropy (8bit): | 7.104642717027869 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/cs.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 722 |
Entropy (8bit): | 7.434007974065295 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/vsc.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 84272 |
Entropy (8bit): | 5.369711660456133 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/12noir.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 168 |
Entropy (8bit): | 5.414614498746933 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/msmm.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 7.104642717027869 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 168 |
Entropy (8bit): | 5.414614498746933 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 187 |
Entropy (8bit): | 6.13774750591943 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/mnc.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 722 |
Entropy (8bit): | 7.434007974065295 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25288 |
Entropy (8bit): | 7.95276769980914 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 14751 |
Entropy (8bit): | 7.927919850442063 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/re.gif |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 25288 |
Entropy (8bit): | 7.95276769980914 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/12bg4.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 332 |
Entropy (8bit): | 6.871743379185684 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 720 |
Entropy (8bit): | 5.094554100670686 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://ipwho.is/?lang=en |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 78601 |
Entropy (8bit): | 5.385907842723292 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://code.jquery.com/jquery-1.4.4.min.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1026 |
Entropy (8bit): | 4.6882959953066825 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 332 |
Entropy (8bit): | 6.871743379185684 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/dm.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 321 |
Entropy (8bit): | 5.093901166913404 |
Encrypted: | false |
SSDEEP: | 6:haxU0H2rKRHX96TdzRHxhgR0zY2i21sasPrK5YWOfiIjDR2p02Z/NIMZgE:hax0rKRHkhzRH/Un2i2GprK5YWOjjDu3 |
MD5: | AAF735890582F4FA7D56E115016A0A39 |
SHA1: | 23D6EC4E4762618828AA84AA90E8159C99950017 |
SHA-256: | 1DC68AEB42FD70792406182DC56C5169FFF734E29705B1E08B74B9EB34F43FD9 |
SHA-512: | 333258D60455AB35F34B24E17B8A7D169BC07E6EFFF0F4B7A2FCF30727F549E9004790CE2F24F9D71D71E3B349EDDA4DDD7995FA712843E17B066F17C6300389 |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/w1.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1270 |
Entropy (8bit): | 6.670080953747829 |
Encrypted: | false |
SSDEEP: | 24:Y70L1hSWwjx82lY2T3wQV/duYWXN6yJ3VmhW9/G4LF3+F5daOZt2gwF:YoBNn2cQNyXHJ3L9TFuFaW2go |
MD5: | 05CDF1A2C2FC8F07BEA0A8F4F9356637 |
SHA1: | B7BBD626D1D6C832509E820CAE1D971B34F625E6 |
SHA-256: | AFE332157F4EFE355F3181284E99F4331C4D19703ED1678B5316D2933F95E98E |
SHA-512: | D8F168BBEE250FAC06382AA8FA52B6AD72AF44C760E474BC0F3E6DA94BA1677F90B543EC582A345BD8DEC45BD1705A81DEE797E718D028E47FCFF9044D4200E6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 2055 |
Entropy (8bit): | 5.026061101680606 |
Encrypted: | false |
SSDEEP: | 48:W/iGbnd2lcCB2/GxUH3Mu+Rh9FNGDzjJYx7u9rDTlRSg40:Y9d2ldWEEy7MDE0 |
MD5: | 6EBCBED0DC957CD9298E2629E35A0139 |
SHA1: | E1603B3E92C0828DAEBD15B2DDD12C22CEED5B20 |
SHA-256: | 73310AA233204005C5D97CCD8B6C8C06DDA83205F1DE6571AA798400FB5BEDEB |
SHA-512: | 4A2AC5188B3849C257C4C5497CFEE04DA591A02095EBFBCD51A37FACB4D53D956623549875E4D5F1801CBD7DB6C0DA2D6705FBF1958E794C92915FDC1F37C1D0 |
Malicious: | false |
Reputation: | low |
URL: | https://k19gdtyrshgcjghldjk.z13.web.core.windows.net/Win/12nvidia.js |
Preview: |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 20, 2024 00:57:24.227025032 CEST | 192.168.2.4 | 1.1.1.1 | 0x1094 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 20, 2024 00:57:24.227200031 CEST | 192.168.2.4 | 1.1.1.1 | 0xcbcc | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 20, 2024 00:57:25.125061989 CEST | 192.168.2.4 | 1.1.1.1 | 0x5df9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 20, 2024 00:57:25.125228882 CEST | 192.168.2.4 | 1.1.1.1 | 0xabb5 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 20, 2024 00:57:25.981667042 CEST | 192.168.2.4 | 1.1.1.1 | 0xf594 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 20, 2024 00:57:25.982063055 CEST | 192.168.2.4 | 1.1.1.1 | 0x3dea | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 20, 2024 00:57:26.390090942 CEST | 192.168.2.4 | 1.1.1.1 | 0x1c45 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 20, 2024 00:57:26.390978098 CEST | 192.168.2.4 | 1.1.1.1 | 0x62ac | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 20, 2024 00:57:24.332279921 CEST | 1.1.1.1 | 192.168.2.4 | 0x1094 | No error (0) | 151.101.2.137 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:24.332279921 CEST | 1.1.1.1 | 192.168.2.4 | 0x1094 | No error (0) | 151.101.194.137 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:24.332279921 CEST | 1.1.1.1 | 192.168.2.4 | 0x1094 | No error (0) | 151.101.130.137 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:24.332279921 CEST | 1.1.1.1 | 192.168.2.4 | 0x1094 | No error (0) | 151.101.66.137 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:25.251589060 CEST | 1.1.1.1 | 192.168.2.4 | 0x5df9 | No error (0) | 15.204.213.5 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:26.104763031 CEST | 1.1.1.1 | 192.168.2.4 | 0xf594 | No error (0) | 15.204.213.5 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:26.496304035 CEST | 1.1.1.1 | 192.168.2.4 | 0x1c45 | No error (0) | 142.250.9.104 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:26.496304035 CEST | 1.1.1.1 | 192.168.2.4 | 0x1c45 | No error (0) | 142.250.9.103 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:26.496304035 CEST | 1.1.1.1 | 192.168.2.4 | 0x1c45 | No error (0) | 142.250.9.147 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:26.496304035 CEST | 1.1.1.1 | 192.168.2.4 | 0x1c45 | No error (0) | 142.250.9.99 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:26.496304035 CEST | 1.1.1.1 | 192.168.2.4 | 0x1c45 | No error (0) | 142.250.9.105 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:26.496304035 CEST | 1.1.1.1 | 192.168.2.4 | 0x1c45 | No error (0) | 142.250.9.106 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:26.497180939 CEST | 1.1.1.1 | 192.168.2.4 | 0x62ac | No error (0) | 65 | IN (0x0001) | false | |||
Apr 20, 2024 00:57:37.667753935 CEST | 1.1.1.1 | 192.168.2.4 | 0x4987 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:37.667753935 CEST | 1.1.1.1 | 192.168.2.4 | 0x4987 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:38.987445116 CEST | 1.1.1.1 | 192.168.2.4 | 0x2475 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:38.987445116 CEST | 1.1.1.1 | 192.168.2.4 | 0x2475 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:55.140733004 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc32 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 20, 2024 00:57:55.140733004 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc32 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 20, 2024 00:58:14.201802969 CEST | 1.1.1.1 | 192.168.2.4 | 0x9fb0 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 20, 2024 00:58:14.201802969 CEST | 1.1.1.1 | 192.168.2.4 | 0x9fb0 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 151.101.2.137 | 443 | 3484 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 22:57:24 UTC | 562 | OUT | |
2024-04-19 22:57:24 UTC | 567 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN | |
2024-04-19 22:57:24 UTC | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49749 | 15.204.213.5 | 443 | 3484 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 22:57:25 UTC | 602 | OUT | |
2024-04-19 22:57:25 UTC | 255 | IN | |
2024-04-19 22:57:25 UTC | 732 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49761 | 15.204.213.5 | 443 | 3484 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 22:57:26 UTC | 340 | OUT | |
2024-04-19 22:57:26 UTC | 223 | IN | |
2024-04-19 22:57:26 UTC | 1038 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49762 | 23.63.206.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 22:57:27 UTC | 161 | OUT | |
2024-04-19 22:57:27 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49771 | 23.63.206.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 22:57:27 UTC | 239 | OUT | |
2024-04-19 22:57:28 UTC | 531 | IN | |
2024-04-19 22:57:28 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 00:57:16 |
Start date: | 20/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 00:57:20 |
Start date: | 20/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 00:57:22 |
Start date: | 20/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |