Windows
Analysis Report
https://shining-melodic-magnesium.glitch.me/rvicendDev.html
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2060,i,11271670896977708482,13358523711605265383,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://shining-melodic-magnesium.glitch.me/rvicendDev.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Timestamp: | 04/25/24-01:58:39.836084 |
SID: | 2029493 |
Source Port: | 58597 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/25/24-01:58:40.785101 |
SID: | 2029493 |
Source Port: | 58837 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/25/24-01:58:40.784854 |
SID: | 2029493 |
Source Port: | 55404 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/25/24-01:58:39.836231 |
SID: | 2029493 |
Source Port: | 49912 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | SlashNext: |
Source: | Virustotal: | Perma Link |
Phishing |
---|
Source: | Matcher: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | Memory has grown: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Classification label: |
Source: | File created: |
Source: | Process created: | |||
Source: | LNK file: | ||
Source: | Window detected: |
Source: | File created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Extra Window Memory Injection | 1 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
5% | Virustotal | Browse | ||
100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
1% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
cs1100.wpc.omegacdn.net | 152.199.4.44 | true | false | unknown | |
shining-melodic-magnesium.glitch.me | 44.214.198.122 | true | false | high | |
www.google.com | 64.233.176.104 | true | false | high | |
upload.wikimedia.org | 208.80.154.240 | true | false | high | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown | |
aadcdn.msftauth.net | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false |
| unknown | |
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
44.214.198.122 | shining-melodic-magnesium.glitch.me | United States | 14618 | AMAZON-AESUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
152.199.4.44 | cs1100.wpc.omegacdn.net | United States | 15133 | EDGECASTUS | false |
208.80.154.240 | upload.wikimedia.org | United States | 14907 | WIKIMEDIAUS | false |
64.233.176.104 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431407 |
Start date and time: | 2024-04-25 01:57:48 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://shining-melodic-magnesium.glitch.me/rvicendDev.html |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal76.phis.win@16/17@14/6 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.217.215.94, 142.250.105.113, 142.250.105.138, 142.250.105.101, 142.250.105.102, 142.250.105.139, 142.250.105.100, 172.253.124.84, 34.104.35.123, 64.233.177.95, 173.194.219.95, 172.253.124.95, 172.217.215.95, 64.233.176.95, 74.125.136.95, 108.177.122.95, 142.250.105.95, 74.125.138.95, 64.233.185.95, 142.251.15.95, 142.250.9.95, 40.68.123.157, 199.232.214.172, 23.40.205.26, 23.40.205.34, 23.40.205.18, 192.229.211.108, 20.3.187.198, 20.242.39.171, 173.194.219.94, 199.232.210.172
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9789886738247926 |
Encrypted: | false |
SSDEEP: | 48:8ndsTQUuHNcidAKZdA19ehwiZUklqehoxy+3:8Kf0qzy |
MD5: | 8080A3BE34F6BCC78821920B36389F7F |
SHA1: | 8F33445D3037B395BE1ECC4762EEA7572E0084CD |
SHA-256: | CFE44F2059ED1AC0D3825F33C37857315E9AA43B531590B7710C5F2966C78621 |
SHA-512: | 734231843B1ACCE9E80226A58E27A0A52570069D0FB3131F1F4805017ADFBCDED0E234449C86A916494DAFE052EB6D18140B8AC207E70578029B8814D944A9B8 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.99574980373461 |
Encrypted: | false |
SSDEEP: | 48:8qdsTQUuHNcidAKZdA1weh/iZUkAQkqehZxy+2:8df0g9QCy |
MD5: | 32E8E745F9448874F8F805AE2A86F598 |
SHA1: | FF46B8CE0BA4B50438490B7B8B3CE26577F905E3 |
SHA-256: | 4830E9B133F5F45E18E901B7989C5720AC9A7E46AC3337148CD4884D1092127D |
SHA-512: | 4F9F56D0F9AC51667BAFE3154A81FD3EA0209DFF2C376E97FEE65E064669CE5A455560578C2BA93CB691A742D14CAD8CAEBFD60EDF49C2AA53E8A18B008A4C4E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.0043914951365585 |
Encrypted: | false |
SSDEEP: | 48:8xldsTQUsHNcidAKZdA14tseh7sFiZUkmgqeh7sXxy+BX:8xEfW4n3y |
MD5: | 2972CA097948B919323F3CB7CA376E18 |
SHA1: | 84D82B0540381916EEA23944B20BA466E5D3DE3D |
SHA-256: | 5D7CACD2039FB8C4EA375C23347191B0EC94A5D075838345BD229BC5D6A5BC0D |
SHA-512: | 0D26D9D3F7C3DC7764AC75248745966196DE1668AF5F3D442C7D0168F0E977401C2A540A3D2779CD2BCD1807D0C8293B8F55DDA3254FF0A6AE0E2B747B0EC324 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9925622223300095 |
Encrypted: | false |
SSDEEP: | 48:8XdsTQUuHNcidAKZdA1vehDiZUkwqehdxy+R:86f0rpy |
MD5: | 6F8A9B96B2AABC87A3A95036CC2BD6A6 |
SHA1: | 5D51DF1DF32A0E2B87BA243CA56BA898286302F1 |
SHA-256: | 3B48FA92FA38AEF2574E41EE024AEBF1722B261E536DD3EB128B475C5D2B1736 |
SHA-512: | 23B99A4A58F26F2F11279A5E9A9EE76E6D28CB2BD63CF036FBD8AACD36F046298B0E8EF9E203F6B3DB13340B19E4A800C72F53E5CDFE91C1FF78C823DC577B81 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.980640800931808 |
Encrypted: | false |
SSDEEP: | 48:8PidsTQUuHNcidAKZdA1hehBiZUk1W1qehTxy+C:8tf0r9ly |
MD5: | D4517D242A1383121B8786C79242FBCF |
SHA1: | 12693622F2573DE4E70A4E8F67A7C734EBC702D2 |
SHA-256: | 500AE71F5986311E48B511BF6C11B6DD18A066BC7B8D896B7AF18D9247AF710E |
SHA-512: | 41E1A9814102B387FF0C92452A1E502933EF6A9E3B58D674558ACF62363E4B96407E8E83141A9372A6125A4F2E06AF6C801995AEE4F8D0C2BCCAD6DD18FEA4B1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9938484399502543 |
Encrypted: | false |
SSDEEP: | 48:8HcdsTQUuHNcidAKZdA1duT+ehOuTbbiZUk5OjqehOuTblxy+yT+:8H7f0LT/TbxWOvTb3y7T |
MD5: | EBFD661B7A91E57375D14F2687CDA353 |
SHA1: | DC44199A02FB42CE0416DBEAE0D9F5C769C11A80 |
SHA-256: | 4870A3AB9EC15F776BAA74C76046FD108790D903F62861175963DED46CCC1D5F |
SHA-512: | ED726A5F59D1EEBD47161E00A21F32518AB2E258863940A8A5306EA3221FD47A208A1788FDC06007556B0B60E621EA27B832F6CF6C944157BB60A701778C603B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4274 |
Entropy (8bit): | 5.275670925084233 |
Encrypted: | false |
SSDEEP: | 96:HoE24Qee5KSlvgOa9jk4L06gBSGLhoOl85TtuCtV+/C/w9L8gttXQvViEsuU:nHSlvBa55jEdoO0Ttvt4/C/w9L8gttXd |
MD5: | F6EDD152435965F96A6AE58C10E618E9 |
SHA1: | F50C2CE7E6C66389A7EFD6CC5C7982558EFF4944 |
SHA-256: | 66458E66ED6D9481CCC6B87556F5E1DB3830ADDE85B741C431AAC8807196B509 |
SHA-512: | EB67C288F81603424E22CD431BB33AF8E90D574C35E77F2DC9906E18FA1CF58CB48312BF0F949212179BD307B6F4E71C4CD1D4E2D93C4E3432C7449BC3B9514C |
Malicious: | false |
Reputation: | low |
URL: | https://shining-melodic-magnesium.glitch.me/rvicendDev.html |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 28 |
Entropy (8bit): | 4.208966082694623 |
Encrypted: | false |
SSDEEP: | 3:G4iCw:ziCw |
MD5: | FE567926364F1F70610B746A64DE9165 |
SHA1: | A11A5E6E799B094612BBBEB4ABF31707F5080C33 |
SHA-256: | 07DCC4C01BD13CC989FEC4730DCB6DEEE43A9C7895DFCCFD5113EAD8B1BFB1F7 |
SHA-512: | 94A588BC0A2500D2B7A53671C00A383A7A2030F593E910E7B96FB4768C28F649CEE4E9263D5EF388706D82F9EF344B337D416A4CBEAC78217A5EC86E21AB2D7E |
Malicious: | false |
Reputation: | low |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlA2ZezmGQrdBIFDVNVgbUSBQ3OQUx6?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3651 |
Entropy (8bit): | 4.094801914706141 |
Encrypted: | false |
SSDEEP: | 96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO |
MD5: | EE5C8D9FB6248C938FD0DC19370E90BD |
SHA1: | D01A22720918B781338B5BBF9202B241A5F99EE4 |
SHA-256: | 04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A |
SHA-512: | C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 100727 |
Entropy (8bit): | 7.576212282061622 |
Encrypted: | false |
SSDEEP: | 3072:oqZjsdMCBhLZXM8rueU6o8Amk93VdDaly:bjsdMCBI8rueXMtDaE |
MD5: | 39F9670257CF2C47B21177E26205540A |
SHA1: | 3F961150D0BC99CC951F50509AE53C282EFE28B1 |
SHA-256: | 0CC3FED62E8B1F2D7C8F2A6937957914C8E8ABFA355F57906053E3D274D238B7 |
SHA-512: | A35CE2F31E2A21790F0EA8090DF784310FD7A5666C3D91AD767223E208F7C3AAEBFE6C3041F2E95A8885613E66A956F83262DCDDAC361F50EB1D61FCFB4D8B6F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4274 |
Entropy (8bit): | 5.275670925084233 |
Encrypted: | false |
SSDEEP: | 96:HoE24Qee5KSlvgOa9jk4L06gBSGLhoOl85TtuCtV+/C/w9L8gttXQvViEsuU:nHSlvBa55jEdoO0Ttvt4/C/w9L8gttXd |
MD5: | F6EDD152435965F96A6AE58C10E618E9 |
SHA1: | F50C2CE7E6C66389A7EFD6CC5C7982558EFF4944 |
SHA-256: | 66458E66ED6D9481CCC6B87556F5E1DB3830ADDE85B741C431AAC8807196B509 |
SHA-512: | EB67C288F81603424E22CD431BB33AF8E90D574C35E77F2DC9906E18FA1CF58CB48312BF0F949212179BD307B6F4E71C4CD1D4E2D93C4E3432C7449BC3B9514C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 100727 |
Entropy (8bit): | 7.576212282061622 |
Encrypted: | false |
SSDEEP: | 3072:oqZjsdMCBhLZXM8rueU6o8Amk93VdDaly:bjsdMCBI8rueXMtDaE |
MD5: | 39F9670257CF2C47B21177E26205540A |
SHA1: | 3F961150D0BC99CC951F50509AE53C282EFE28B1 |
SHA-256: | 0CC3FED62E8B1F2D7C8F2A6937957914C8E8ABFA355F57906053E3D274D238B7 |
SHA-512: | A35CE2F31E2A21790F0EA8090DF784310FD7A5666C3D91AD767223E208F7C3AAEBFE6C3041F2E95A8885613E66A956F83262DCDDAC361F50EB1D61FCFB4D8B6F |
Malicious: | false |
Reputation: | low |
URL: | https://upload.wikimedia.org/wikipedia/commons/thumb/3/34/Microsoft_Office_Excel_%282019%E2%80%93present%29.svg/2203px-Microsoft_Office_Excel_%282019%E2%80%93present%29.svg.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3651 |
Entropy (8bit): | 4.094801914706141 |
Encrypted: | false |
SSDEEP: | 96:wO4DZ+Stb/jY+eo4hAryAes9mBYYQgWLDm9:wToSBjlevudl9nO |
MD5: | EE5C8D9FB6248C938FD0DC19370E90BD |
SHA1: | D01A22720918B781338B5BBF9202B241A5F99EE4 |
SHA-256: | 04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A |
SHA-512: | C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58 |
Malicious: | false |
Reputation: | low |
URL: | https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg |
Preview: |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/25/24-01:58:39.836084 | UDP | 2029493 | ET CURRENT_EVENTS Possible Glitch.me Phishing Domain | 58597 | 53 | 192.168.2.5 | 1.1.1.1 |
04/25/24-01:58:40.785101 | UDP | 2029493 | ET CURRENT_EVENTS Possible Glitch.me Phishing Domain | 58837 | 53 | 192.168.2.5 | 1.1.1.1 |
04/25/24-01:58:40.784854 | UDP | 2029493 | ET CURRENT_EVENTS Possible Glitch.me Phishing Domain | 55404 | 53 | 192.168.2.5 | 1.1.1.1 |
04/25/24-01:58:39.836231 | UDP | 2029493 | ET CURRENT_EVENTS Possible Glitch.me Phishing Domain | 49912 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 25, 2024 01:58:41.453347921 CEST | 443 | 49718 | 44.214.198.122 | 192.168.2.5 |
Apr 25, 2024 01:58:41.453387976 CEST | 49718 | 443 | 192.168.2.5 | 44.214.198.122 |
Apr 25, 2024 01:58:41.453423977 CEST | 443 | 49718 | 44.214.198.122 | 192.168.2.5 |
Apr 25, 2024 01:58:41.453469038 CEST | 49718 | 443 | 192.168.2.5 | 44.214.198.122 |
Apr 25, 2024 01:58:41.455590010 CEST | 49718 | 443 | 192.168.2.5 | 44.214.198.122 |
Apr 25, 2024 01:58:41.455600023 CEST | 443 | 49718 | 44.214.198.122 | 192.168.2.5 |
Apr 25, 2024 01:58:41.652228117 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.652513981 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:41.652580976 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.653454065 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.653517962 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:41.653541088 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.653594017 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:41.654232979 CEST | 443 | 49721 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:58:41.655468941 CEST | 49721 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:58:41.655505896 CEST | 443 | 49721 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:58:41.655936003 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:41.656001091 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.656403065 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:41.656418085 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.656436920 CEST | 443 | 49721 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:58:41.656497002 CEST | 49721 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:58:41.658509970 CEST | 49721 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:58:41.658570051 CEST | 443 | 49721 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:58:41.700850010 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:41.700851917 CEST | 49721 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:58:41.700872898 CEST | 443 | 49721 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:58:41.734632969 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.735017061 CEST | 49720 | 443 | 192.168.2.5 | 152.199.4.44 |
Apr 25, 2024 01:58:41.735034943 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.738549948 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.738630056 CEST | 49720 | 443 | 192.168.2.5 | 152.199.4.44 |
Apr 25, 2024 01:58:41.739804029 CEST | 49720 | 443 | 192.168.2.5 | 152.199.4.44 |
Apr 25, 2024 01:58:41.739974022 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.740180969 CEST | 49720 | 443 | 192.168.2.5 | 152.199.4.44 |
Apr 25, 2024 01:58:41.740195990 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.753328085 CEST | 49721 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:58:41.788639069 CEST | 49720 | 443 | 192.168.2.5 | 152.199.4.44 |
Apr 25, 2024 01:58:41.927011967 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.927031994 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.927093029 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.927113056 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:41.927144051 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.927201033 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.927248001 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:41.927249908 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:41.927249908 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:41.956243038 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.956401110 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.956533909 CEST | 49720 | 443 | 192.168.2.5 | 152.199.4.44 |
Apr 25, 2024 01:58:41.956562996 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.956614971 CEST | 49720 | 443 | 192.168.2.5 | 152.199.4.44 |
Apr 25, 2024 01:58:41.956619978 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.956682920 CEST | 49720 | 443 | 192.168.2.5 | 152.199.4.44 |
Apr 25, 2024 01:58:41.959698915 CEST | 49720 | 443 | 192.168.2.5 | 152.199.4.44 |
Apr 25, 2024 01:58:41.959726095 CEST | 443 | 49720 | 152.199.4.44 | 192.168.2.5 |
Apr 25, 2024 01:58:41.976962090 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.058726072 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.058736086 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.058789968 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.058809996 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.058818102 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.058849096 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.058877945 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.058900118 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.117726088 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.117739916 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.117794991 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.117825031 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.117852926 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.117870092 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.162584066 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.162599087 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.162703037 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.162724018 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.162765980 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.197797060 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.197810888 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.197904110 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.197921991 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.198616982 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.230408907 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.230422974 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.230511904 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.230530024 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.230608940 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.241225958 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.241295099 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.241424084 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.241424084 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.268018007 CEST | 49719 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:42.268085003 CEST | 443 | 49719 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:42.687166929 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:42.687202930 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:42.687464952 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:42.689879894 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:42.689897060 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:42.733105898 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:42.734711885 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:42.927006960 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:42.927112103 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:43.003576994 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:43.003633022 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:43.003952980 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:43.055116892 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.204699993 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.248163939 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.315665960 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.315789938 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.315853119 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.315922976 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.315967083 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.315967083 CEST | 49724 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.315987110 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.316042900 CEST | 443 | 49724 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.356290102 CEST | 49725 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.356337070 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.356533051 CEST | 49725 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.356779099 CEST | 49725 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.356795073 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.359482050 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.359563112 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.359637022 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.359889030 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.359925985 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.587534904 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.587618113 CEST | 49725 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.589013100 CEST | 49725 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.589027882 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.589792967 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.590909958 CEST | 49725 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.617109060 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.617391109 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.617432117 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.618490934 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.618561983 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.618593931 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.618722916 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.619072914 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.619143963 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.619304895 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.619318008 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.636111975 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.672969103 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.805705070 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.805872917 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.806196928 CEST | 49725 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.828712940 CEST | 49725 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.828763008 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.828793049 CEST | 49725 | 443 | 192.168.2.5 | 23.63.206.91 |
Apr 25, 2024 01:58:44.828809023 CEST | 443 | 49725 | 23.63.206.91 | 192.168.2.5 |
Apr 25, 2024 01:58:44.896295071 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.896315098 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.896322012 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.896393061 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.896425009 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.896452904 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.896452904 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.896477938 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.896495104 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:44.896521091 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:44.896543026 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.029627085 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.029643059 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.029709101 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.029731989 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.029860973 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.085771084 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.085788012 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.085850954 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.085871935 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.085967064 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.131355047 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.131370068 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.131438017 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.131458998 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.131627083 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.166235924 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.166250944 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.166316986 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.166333914 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.166383028 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.198623896 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.198637962 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.198676109 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.198692083 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.198739052 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.198740005 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.209315062 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.209372997 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:45.209393024 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.209428072 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.209731102 CEST | 49726 | 443 | 192.168.2.5 | 208.80.154.240 |
Apr 25, 2024 01:58:45.209762096 CEST | 443 | 49726 | 208.80.154.240 | 192.168.2.5 |
Apr 25, 2024 01:58:51.658638000 CEST | 443 | 49721 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:58:51.658704996 CEST | 443 | 49721 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:58:51.658777952 CEST | 49721 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:58:51.993761063 CEST | 49721 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:58:51.993784904 CEST | 443 | 49721 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:58:52.852781057 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:52.852927923 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:52.853414059 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:52.853492022 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:52.853569031 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:52.854969978 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:52.855004072 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.010507107 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.010534048 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.183312893 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.183387995 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:53.242054939 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:53.242089033 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.242345095 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.242407084 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:53.243906021 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:53.243941069 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.245136976 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:53.245151043 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.568789959 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.568854094 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:58:53.569377899 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.569416046 CEST | 443 | 49731 | 23.1.237.91 | 192.168.2.5 |
Apr 25, 2024 01:58:53.569470882 CEST | 49731 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 25, 2024 01:59:41.366134882 CEST | 49737 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:59:41.366183996 CEST | 443 | 49737 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:59:41.366236925 CEST | 49737 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:59:41.366833925 CEST | 49737 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:59:41.366846085 CEST | 443 | 49737 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:59:41.599000931 CEST | 443 | 49737 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:59:41.610569954 CEST | 49737 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:59:41.610586882 CEST | 443 | 49737 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:59:41.611109018 CEST | 443 | 49737 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:59:41.613317013 CEST | 49737 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:59:41.613487005 CEST | 443 | 49737 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:59:41.663938999 CEST | 49737 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:59:51.594268084 CEST | 443 | 49737 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:59:51.594441891 CEST | 443 | 49737 | 64.233.176.104 | 192.168.2.5 |
Apr 25, 2024 01:59:51.594511032 CEST | 49737 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:59:52.066945076 CEST | 49737 | 443 | 192.168.2.5 | 64.233.176.104 |
Apr 25, 2024 01:59:52.066989899 CEST | 443 | 49737 | 64.233.176.104 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 25, 2024 01:58:39.836083889 CEST | 192.168.2.5 | 1.1.1.1 | 0x4e97 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 01:58:39.836230993 CEST | 192.168.2.5 | 1.1.1.1 | 0xdd4a | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 25, 2024 01:58:40.594352007 CEST | 192.168.2.5 | 1.1.1.1 | 0x9552 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 01:58:40.594540119 CEST | 192.168.2.5 | 1.1.1.1 | 0xe966 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 25, 2024 01:58:40.784853935 CEST | 192.168.2.5 | 1.1.1.1 | 0xaa4a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 01:58:40.785100937 CEST | 192.168.2.5 | 1.1.1.1 | 0x5c15 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 25, 2024 01:58:41.281888962 CEST | 192.168.2.5 | 1.1.1.1 | 0xb9cf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 01:58:41.282042980 CEST | 192.168.2.5 | 1.1.1.1 | 0x2725 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 25, 2024 01:58:41.283711910 CEST | 192.168.2.5 | 1.1.1.1 | 0x3925 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 01:58:41.283879042 CEST | 192.168.2.5 | 1.1.1.1 | 0x9184 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 25, 2024 01:58:41.314158916 CEST | 192.168.2.5 | 1.1.1.1 | 0xf344 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 01:58:41.314903975 CEST | 192.168.2.5 | 1.1.1.1 | 0x867 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 25, 2024 01:58:44.247858047 CEST | 192.168.2.5 | 1.1.1.1 | 0xed65 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 01:58:44.248408079 CEST | 192.168.2.5 | 1.1.1.1 | 0x7960 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 01:58:39.949141026 CEST | 1.1.1.1 | 192.168.2.5 | 0x4e97 | No error (0) | 44.214.198.122 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:39.949141026 CEST | 1.1.1.1 | 192.168.2.5 | 0x4e97 | No error (0) | 18.235.65.101 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:40.706983089 CEST | 1.1.1.1 | 192.168.2.5 | 0x9552 | No error (0) | cs1100.wpc.omegacdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:40.706983089 CEST | 1.1.1.1 | 192.168.2.5 | 0x9552 | No error (0) | 152.199.4.44 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:40.708398104 CEST | 1.1.1.1 | 192.168.2.5 | 0xe966 | No error (0) | cs1100.wpc.omegacdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:40.895760059 CEST | 1.1.1.1 | 192.168.2.5 | 0xaa4a | No error (0) | 44.214.198.122 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:40.895760059 CEST | 1.1.1.1 | 192.168.2.5 | 0xaa4a | No error (0) | 18.235.65.101 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.392004013 CEST | 1.1.1.1 | 192.168.2.5 | 0xb9cf | No error (0) | 208.80.154.240 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.393788099 CEST | 1.1.1.1 | 192.168.2.5 | 0x3925 | No error (0) | cs1100.wpc.omegacdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.393788099 CEST | 1.1.1.1 | 192.168.2.5 | 0x3925 | No error (0) | 152.199.4.44 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.394490004 CEST | 1.1.1.1 | 192.168.2.5 | 0x9184 | No error (0) | cs1100.wpc.omegacdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.424957991 CEST | 1.1.1.1 | 192.168.2.5 | 0xf344 | No error (0) | 64.233.176.104 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.424957991 CEST | 1.1.1.1 | 192.168.2.5 | 0xf344 | No error (0) | 64.233.176.106 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.424957991 CEST | 1.1.1.1 | 192.168.2.5 | 0xf344 | No error (0) | 64.233.176.99 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.424957991 CEST | 1.1.1.1 | 192.168.2.5 | 0xf344 | No error (0) | 64.233.176.103 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.424957991 CEST | 1.1.1.1 | 192.168.2.5 | 0xf344 | No error (0) | 64.233.176.105 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.424957991 CEST | 1.1.1.1 | 192.168.2.5 | 0xf344 | No error (0) | 64.233.176.147 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:41.424992085 CEST | 1.1.1.1 | 192.168.2.5 | 0x867 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 25, 2024 01:58:44.359020948 CEST | 1.1.1.1 | 192.168.2.5 | 0xed65 | No error (0) | 208.80.154.240 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:52.622229099 CEST | 1.1.1.1 | 192.168.2.5 | 0x8572 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 01:58:52.622229099 CEST | 1.1.1.1 | 192.168.2.5 | 0x8572 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:59:06.091204882 CEST | 1.1.1.1 | 192.168.2.5 | 0x7322 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 01:59:06.091204882 CEST | 1.1.1.1 | 192.168.2.5 | 0x7322 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:59:30.325536966 CEST | 1.1.1.1 | 192.168.2.5 | 0x9cc | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 01:59:30.325536966 CEST | 1.1.1.1 | 192.168.2.5 | 0x9cc | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:59:49.739330053 CEST | 1.1.1.1 | 192.168.2.5 | 0xdcb6 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 25, 2024 01:59:49.739330053 CEST | 1.1.1.1 | 192.168.2.5 | 0xdcb6 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:59:53.169657946 CEST | 1.1.1.1 | 192.168.2.5 | 0x41f8 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 01:59:53.169657946 CEST | 1.1.1.1 | 192.168.2.5 | 0x41f8 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49713 | 44.214.198.122 | 443 | 6400 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:40 UTC | 693 | OUT | |
2024-04-24 23:58:40 UTC | 506 | IN | |
2024-04-24 23:58:40 UTC | 4274 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49712 | 44.214.198.122 | 443 | 6400 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:40 UTC | 746 | OUT | |
2024-04-24 23:58:40 UTC | 414 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49716 | 152.199.4.44 | 443 | 6400 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:41 UTC | 675 | OUT | |
2024-04-24 23:58:41 UTC | 737 | IN | |
2024-04-24 23:58:41 UTC | 3651 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49718 | 44.214.198.122 | 443 | 6400 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:41 UTC | 374 | OUT | |
2024-04-24 23:58:41 UTC | 506 | IN | |
2024-04-24 23:58:41 UTC | 4274 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49719 | 208.80.154.240 | 443 | 6400 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:41 UTC | 746 | OUT | |
2024-04-24 23:58:41 UTC | 1101 | IN | |
2024-04-24 23:58:41 UTC | 13797 | IN | |
2024-04-24 23:58:42 UTC | 16320 | IN | |
2024-04-24 23:58:42 UTC | 16320 | IN | |
2024-04-24 23:58:42 UTC | 16320 | IN | |
2024-04-24 23:58:42 UTC | 16320 | IN | |
2024-04-24 23:58:42 UTC | 16320 | IN | |
2024-04-24 23:58:42 UTC | 5330 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49720 | 152.199.4.44 | 443 | 6400 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:41 UTC | 420 | OUT | |
2024-04-24 23:58:41 UTC | 737 | IN | |
2024-04-24 23:58:41 UTC | 3651 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49724 | 23.63.206.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:44 UTC | 161 | OUT | |
2024-04-24 23:58:44 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49725 | 23.63.206.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:44 UTC | 239 | OUT | |
2024-04-24 23:58:44 UTC | 531 | IN | |
2024-04-24 23:58:44 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49726 | 208.80.154.240 | 443 | 6400 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:44 UTC | 491 | OUT | |
2024-04-24 23:58:44 UTC | 1101 | IN | |
2024-04-24 23:58:44 UTC | 13797 | IN | |
2024-04-24 23:58:45 UTC | 16320 | IN | |
2024-04-24 23:58:45 UTC | 16320 | IN | |
2024-04-24 23:58:45 UTC | 16320 | IN | |
2024-04-24 23:58:45 UTC | 16320 | IN | |
2024-04-24 23:58:45 UTC | 16320 | IN | |
2024-04-24 23:58:45 UTC | 5330 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
9 | 192.168.2.5 | 49731 | 23.1.237.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-24 23:58:53 UTC | 2148 | OUT | |
2024-04-24 23:58:53 UTC | 1 | OUT | |
2024-04-24 23:58:53 UTC | 2483 | OUT | |
2024-04-24 23:58:53 UTC | 479 | IN |
Target ID: | 0 |
Start time: | 01:58:31 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 01:58:34 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 01:58:38 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |