Windows
Analysis Report
https://click.pstmrk.it/3s/research.rallyuxr.com/gitlab/lp/clvbcohn501jw1alm2pae8cpp?participant_id=d53605da-e175-4d13-9311-3b9bf7cde3e1&channel=email/Ke_U/M_W0AQ/AQ/c96575a2-a4d2-402a-b49c-cbe1d5bbdcc8/1/RXuRQANQdD
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 7104 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed --sing le-argumen t https:// click.pstm rk.it/3s/r esearch.ra llyuxr.com /gitlab/lp /clvbcohn5 01jw1alm2p ae8cpp?par ticipant_i d=d53605da -e175-4d13 -9311-3b9b f7cde3e1&c hannel=ema il/Ke_U/M_ W0AQ/AQ/c9 6575a2-a4d 2-402a-b49 c-cbe1d5bb dcc8/1/RXu RQANQdD MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6212 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2180 --fi eld-trial- handle=192 8,i,832006 7015254264 676,926709 3888457528 790,262144 --disable -features= Optimizati onGuideMod elDownload ing,Optimi zationHint s,Optimiza tionHintsF etching,Op timization TargetPred iction /pr efetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
2% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
click.pstmrk.it | 3.133.210.250 | true | false | unknown | |
www.google.com | 64.233.185.99 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
3.133.210.250 | click.pstmrk.it | United States | 16509 | AMAZON-02US | false | |
64.233.185.99 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431700 |
Start date and time: | 2024-04-25 16:49:47 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://click.pstmrk.it/3s/research.rallyuxr.com/gitlab/lp/clvbcohn501jw1alm2pae8cpp?participant_id=d53605da-e175-4d13-9311-3b9bf7cde3e1&channel=email/Ke_U/M_W0AQ/AQ/c96575a2-a4d2-402a-b49c-cbe1d5bbdcc8/1/RXuRQANQdD |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@17/8@4/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.15.94, 108.177.122.113, 108.177.122.101, 108.177.122.138, 108.177.122.139, 108.177.122.100, 108.177.122.102, 74.125.138.84, 34.104.35.123, 142.250.105.94
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.988289147294708 |
Encrypted: | false |
SSDEEP: | 48:8zaId1Tdhg+HzidAKZdA1FehwiZUklqehEJy+3:8WGDH/y |
MD5: | 5C15C3E8CE725C765CD111F5E0F4162D |
SHA1: | 52909FBCF204A1473BD53BC7E52B38AF6799F35B |
SHA-256: | 07F2A95505C4750D4E2C91A453B750B09A5C1D6465FAFED4CAA35C9113139540 |
SHA-512: | 4C58C1B1436DB0B04A8C4E9FDAEBEECE788F151BB9E6A57231E01EEDD370B72AA8D2165EDF12349A7D42D2A5F593FCC5E117E6CA606C189D70D5F1D0D4B82B78 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.0049359713907515 |
Encrypted: | false |
SSDEEP: | 48:8X+d1Tdhg+HzidAKZdA1seh/iZUkAQkqeh1Jy+2:8QDx9QKy |
MD5: | 0169BB717229AA6DFA953FF8E4D89FA3 |
SHA1: | 7DB179258819B7DA8FA7565B1754F13E5400719D |
SHA-256: | BAC385A097DCB6F77E66152ED4D4F9AF0335AC0174CBD4AAFAFD642EAC5D3851 |
SHA-512: | 5D49D2344EE5E7BED2058DA225542BD10A4E48E72C045419C6B48AB75605F6B9339610AD66EC54330C5B5D139E228EFE569A76A2737C80D0F140F3D2A849851B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.009961243399075 |
Encrypted: | false |
SSDEEP: | 48:8/d1TdhAHzidAKZdA14meh7sFiZUkmgqeh7s/Jy+BX:8rDOnDy |
MD5: | B6DB7149775A34A2BE975F19C32908DE |
SHA1: | A064DC446731E35F753DE7789FB4D35048984BBF |
SHA-256: | 950EF85670E1D912303DEB4CA4B1D4FC2838C96A841A6B5F6D82C2A88871C657 |
SHA-512: | B3E49FD5459C47BA9BBD8520896B4B00D02085EE47895680E64E73D1C957988A87DF778AEC5A343C892A24CD7B09D8B0CF6B5853FDDE20776B3B459B64E55151 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.005245283333287 |
Encrypted: | false |
SSDEEP: | 48:8Yld1Tdhg+HzidAKZdA1TehDiZUkwqeh5Jy+R:8ODCZy |
MD5: | BC878D6EE5D5982C11C0AD58E7EA98D8 |
SHA1: | A152BFBB9D7A60F7C44304ADFA04F70CB4B4BCA3 |
SHA-256: | 64E303409E76C135F044F03F629C36BFDDC3ABAECB04670599441CE84AAAAAE7 |
SHA-512: | 8D8199D54B4CC39C7D4925575D2455337622BAFEAAE461891403D5ACE8E48038BF45FBE705A7FB56BCEF30E24D5E5A8ACD33D9E57AD4EA54C62299A8BD13E641 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.992078239110865 |
Encrypted: | false |
SSDEEP: | 48:8jd1Tdhg+HzidAKZdA1dehBiZUk1W1qehbJy+C:8HDS91y |
MD5: | 7890173607930FC0DB906F71CB93E4C3 |
SHA1: | 9C61CD98F2B61DC6D933B0B56E72664012814731 |
SHA-256: | 5BC18053742879696D95F074169F16BCF8C277B98D741CEFC31393D3BB31D1F3 |
SHA-512: | 776E4610A824AB63DE1B2E7D601402D53C278612F15273A51ADA635C67A98509AD6CE3F3184DD3095C03975F2052AEF8C5FC5741ACFAEF7D704AABD8FD1663C3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.002248006271194 |
Encrypted: | false |
SSDEEP: | 48:89d1Tdhg+HzidAKZdA1duTeehOuTbbiZUk5OjqehOuTbhJy+yT+:8FDITfTbxWOvTbDy7T |
MD5: | 2F22D2EBD2D88AD1AFD793801D36F8D3 |
SHA1: | 3432F1CDF7E812ABBE9D37ABA55091FE9CFCCA56 |
SHA-256: | 0E16D91BE44C00176659FCDB0ABBDCB1DBAF5DFAD5FB7CD5F0A84EC94AD79678 |
SHA-512: | ECB71DBF51A6E9D1900DEA1DB97F371568BC2E7D9137D3657AC0EBC7BCB7DFB829A482E1BDFE2B847C351378EB7C2FB7303461C7450E78DF517D236B9A3728E9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 37 |
Entropy (8bit): | 3.7870428120319044 |
Encrypted: | false |
SSDEEP: | 3:BMJzRHKQJnYAFDJLn:BCRHLpYA7Ln |
MD5: | FC589AFB0910D0C3DD9AF01A13D461DB |
SHA1: | 16E6066B1D5E292D4ECC5333C589C70F0C6EB64C |
SHA-256: | 87E6E803F0630B3CD876EC3D6D8213AB830E14A51FF59E3535AC5201F1C8EE3B |
SHA-512: | F43CD458DAEB14AAD40DAF8719F03829FDD69E4E0059ECAC0277CEC1AA659809491240AED271DDE3D57EEAE100866804D5D0204EDF8BB7143A3E9B5A88ED5E20 |
Malicious: | false |
Reputation: | low |
URL: | https://click.pstmrk.it/3s/research.rallyuxr.com/gitlab/lp/clvbcohn501jw1alm2pae8cpp?participant_id=d53605da-e175-4d13-9311-3b9bf7cde3e1&channel=email/Ke_U/M_W0AQ/AQ/c96575a2-a4d2-402a-b49c-cbe1d5bbdcc8/1/RXuRQANQdD |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 16:50:19.295178890 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.295223951 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:19.295329094 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.296869993 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.296890020 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:19.705277920 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:19.705626011 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.705657959 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:19.707201004 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:19.707283974 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.708497047 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.708590984 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:19.708864927 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.708874941 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:19.761025906 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.849577904 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:19.849677086 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:19.849760056 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.850497007 CEST | 49700 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:19.850524902 CEST | 443 | 49700 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:20.881778955 CEST | 49705 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:20.881822109 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:20.881894112 CEST | 49705 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:20.882128000 CEST | 49705 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:20.882138968 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:20.912972927 CEST | 49706 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:20.913022041 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:20.913207054 CEST | 49706 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:20.913420916 CEST | 49706 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:20.913433075 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.150818110 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.151148081 CEST | 49705 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:21.151221037 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.151706934 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.152117968 CEST | 49705 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:21.152205944 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.152281046 CEST | 49705 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:21.182025909 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.182487011 CEST | 49706 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:21.182547092 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.183671951 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.184140921 CEST | 49706 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:21.184319973 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.200113058 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.226131916 CEST | 49706 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:21.402429104 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Apr 25, 2024 16:50:21.426870108 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.426960945 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.427036047 CEST | 49705 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:21.427608013 CEST | 49705 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:21.427629948 CEST | 443 | 49705 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:21.703048944 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Apr 25, 2024 16:50:22.307106018 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Apr 25, 2024 16:50:23.422014952 CEST | 49689 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 16:50:23.513070107 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Apr 25, 2024 16:50:24.053355932 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:24.053396940 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:24.053483009 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:24.053761959 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:24.053770065 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:24.281104088 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:24.281428099 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:24.281440973 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:24.282315969 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:24.282385111 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:24.283605099 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:24.283647060 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:24.324076891 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:24.324084997 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:24.374020100 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:25.928133965 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Apr 25, 2024 16:50:26.440850973 CEST | 49706 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:26.441288948 CEST | 49711 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:26.441339970 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.441427946 CEST | 49711 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:26.441692114 CEST | 49711 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:26.441710949 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.488166094 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.597556114 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.597773075 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.597862959 CEST | 49706 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:26.598517895 CEST | 49706 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:26.598530054 CEST | 443 | 49706 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.710261106 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.710573912 CEST | 49711 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:26.710589886 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.711062908 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.711452007 CEST | 49711 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:26.711544037 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:26.767097950 CEST | 49711 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:27.813522100 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:27.813560963 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:27.813637972 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:27.815768957 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:27.815781116 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.046952009 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.047118902 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.076133966 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.076152086 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.076468945 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.126132965 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.170475006 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.212119102 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.281552076 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.281696081 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.281761885 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.281761885 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.281805038 CEST | 49712 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.281819105 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.322308064 CEST | 49713 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.322380066 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.322482109 CEST | 49713 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.322824001 CEST | 49713 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.322855949 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.555104971 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.555330038 CEST | 49713 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.556886911 CEST | 49713 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.556896925 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.557729959 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.559101105 CEST | 49713 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.604125977 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.771958113 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.772044897 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.772159100 CEST | 49713 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.773060083 CEST | 49713 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.773102999 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:28.773132086 CEST | 49713 | 443 | 192.168.2.16 | 23.220.189.216 |
Apr 25, 2024 16:50:28.773147106 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.16 |
Apr 25, 2024 16:50:29.394109011 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:29.394154072 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:29.394270897 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:29.395669937 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:29.395682096 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:29.559782028 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 16:50:29.863149881 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 16:50:29.917970896 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:29.918076992 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:29.920573950 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:29.920583963 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:29.920819044 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:29.975151062 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:29.983174086 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:30.028116941 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422489882 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422549963 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422569036 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422585964 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422624111 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422641993 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422651052 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:30.422669888 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422691107 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:30.422692060 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:30.422724009 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:30.422813892 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422909975 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:30.422915936 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.422986984 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.423049927 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:30.433098078 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:30.433123112 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.433202982 CEST | 49714 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:50:30.433209896 CEST | 443 | 49714 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:50:30.467467070 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 16:50:30.736160994 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Apr 25, 2024 16:50:31.680228949 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 16:50:34.027499914 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 16:50:34.091211081 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 16:50:34.279659986 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:34.279719114 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:34.279782057 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:34.331250906 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 16:50:34.942190886 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 16:50:35.418591022 CEST | 49709 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:50:35.418612957 CEST | 443 | 49709 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:50:36.153289080 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 16:50:38.567389965 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 16:50:38.903286934 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 16:50:40.340421915 CEST | 49673 | 443 | 192.168.2.16 | 204.79.197.203 |
Apr 25, 2024 16:50:43.376367092 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 16:50:48.509502888 CEST | 49678 | 443 | 192.168.2.16 | 20.189.173.10 |
Apr 25, 2024 16:50:52.984491110 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Apr 25, 2024 16:50:56.619976044 CEST | 49711 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:56.621206999 CEST | 49715 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:56.621298075 CEST | 443 | 49715 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.621400118 CEST | 49715 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:56.621618986 CEST | 49715 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:56.621659040 CEST | 443 | 49715 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.660150051 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.762485027 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.762546062 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.762608051 CEST | 49711 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:56.763554096 CEST | 49711 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:56.763572931 CEST | 443 | 49711 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.887567997 CEST | 443 | 49715 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.887928009 CEST | 49715 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:56.887973070 CEST | 443 | 49715 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.888299942 CEST | 443 | 49715 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.888700008 CEST | 49715 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:50:56.888777971 CEST | 443 | 49715 | 3.133.210.250 | 192.168.2.16 |
Apr 25, 2024 16:50:56.932519913 CEST | 49715 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:51:06.841048956 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:06.841135979 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:06.841305017 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:06.841650963 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:06.841681004 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.361406088 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.362488985 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:07.362822056 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:07.362849951 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.363096952 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.366247892 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:07.412122011 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.871057034 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.871087074 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.871160984 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.871227980 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:07.871269941 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.871295929 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.871315002 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.871321917 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:07.871352911 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:07.871373892 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:07.873809099 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:07.873841047 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:07.873884916 CEST | 49716 | 443 | 192.168.2.16 | 20.114.59.183 |
Apr 25, 2024 16:51:07.873898983 CEST | 443 | 49716 | 20.114.59.183 | 192.168.2.16 |
Apr 25, 2024 16:51:08.190859079 CEST | 49697 | 80 | 192.168.2.16 | 199.232.210.172 |
Apr 25, 2024 16:51:08.190897942 CEST | 49699 | 80 | 192.168.2.16 | 199.232.210.172 |
Apr 25, 2024 16:51:08.300574064 CEST | 80 | 49697 | 199.232.210.172 | 192.168.2.16 |
Apr 25, 2024 16:51:08.300627947 CEST | 80 | 49699 | 199.232.210.172 | 192.168.2.16 |
Apr 25, 2024 16:51:08.300710917 CEST | 80 | 49699 | 199.232.210.172 | 192.168.2.16 |
Apr 25, 2024 16:51:08.300791979 CEST | 49699 | 80 | 192.168.2.16 | 199.232.210.172 |
Apr 25, 2024 16:51:08.301229954 CEST | 80 | 49697 | 199.232.210.172 | 192.168.2.16 |
Apr 25, 2024 16:51:08.301300049 CEST | 49697 | 80 | 192.168.2.16 | 199.232.210.172 |
Apr 25, 2024 16:51:23.505848885 CEST | 49688 | 443 | 192.168.2.16 | 13.107.21.200 |
Apr 25, 2024 16:51:24.001802921 CEST | 49718 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:51:24.001838923 CEST | 443 | 49718 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:51:24.001929045 CEST | 49718 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:51:24.002140999 CEST | 49718 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:51:24.002155066 CEST | 443 | 49718 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:51:24.227257013 CEST | 443 | 49718 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:51:24.227601051 CEST | 49718 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:51:24.227622986 CEST | 443 | 49718 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:51:24.228077888 CEST | 443 | 49718 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:51:24.228379011 CEST | 49718 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:51:24.228451967 CEST | 443 | 49718 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:51:24.271883965 CEST | 49718 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:51:34.232444048 CEST | 443 | 49718 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:51:34.232538939 CEST | 443 | 49718 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:51:34.232624054 CEST | 49718 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:51:35.417475939 CEST | 49718 | 443 | 192.168.2.16 | 64.233.185.99 |
Apr 25, 2024 16:51:35.417515039 CEST | 443 | 49718 | 64.233.185.99 | 192.168.2.16 |
Apr 25, 2024 16:51:41.890050888 CEST | 49715 | 443 | 192.168.2.16 | 3.133.210.250 |
Apr 25, 2024 16:51:41.890083075 CEST | 443 | 49715 | 3.133.210.250 | 192.168.2.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 25, 2024 16:50:19.166877985 CEST | 59182 | 53 | 192.168.2.16 | 1.1.1.1 |
Apr 25, 2024 16:50:19.171040058 CEST | 54698 | 53 | 192.168.2.16 | 1.1.1.1 |
Apr 25, 2024 16:50:19.276308060 CEST | 53 | 51124 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:50:19.278307915 CEST | 53 | 59182 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:50:19.281502962 CEST | 53 | 54698 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:50:19.309370041 CEST | 53 | 60178 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:50:19.950181961 CEST | 53 | 50942 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:50:23.941997051 CEST | 64205 | 53 | 192.168.2.16 | 1.1.1.1 |
Apr 25, 2024 16:50:23.942199945 CEST | 50632 | 53 | 192.168.2.16 | 1.1.1.1 |
Apr 25, 2024 16:50:24.052001953 CEST | 53 | 64205 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:50:24.052124023 CEST | 53 | 50632 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:50:36.920253992 CEST | 53 | 58401 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:50:55.798964024 CEST | 53 | 64870 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:51:18.261128902 CEST | 53 | 54307 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:51:19.220798016 CEST | 53 | 51703 | 1.1.1.1 | 192.168.2.16 |
Apr 25, 2024 16:51:25.737926960 CEST | 138 | 138 | 192.168.2.16 | 192.168.2.255 |
Apr 25, 2024 16:51:46.630789042 CEST | 53 | 63701 | 1.1.1.1 | 192.168.2.16 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 25, 2024 16:50:19.166877985 CEST | 192.168.2.16 | 1.1.1.1 | 0xe88a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 16:50:19.171040058 CEST | 192.168.2.16 | 1.1.1.1 | 0xc368 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 25, 2024 16:50:23.941997051 CEST | 192.168.2.16 | 1.1.1.1 | 0xd412 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 25, 2024 16:50:23.942199945 CEST | 192.168.2.16 | 1.1.1.1 | 0x8bc6 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 25, 2024 16:50:19.278307915 CEST | 1.1.1.1 | 192.168.2.16 | 0xe88a | No error (0) | 3.133.210.250 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 16:50:19.278307915 CEST | 1.1.1.1 | 192.168.2.16 | 0xe88a | No error (0) | 3.136.74.202 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 16:50:19.278307915 CEST | 1.1.1.1 | 192.168.2.16 | 0xe88a | No error (0) | 3.22.3.46 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 16:50:24.052001953 CEST | 1.1.1.1 | 192.168.2.16 | 0xd412 | No error (0) | 64.233.185.99 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 16:50:24.052001953 CEST | 1.1.1.1 | 192.168.2.16 | 0xd412 | No error (0) | 64.233.185.147 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 16:50:24.052001953 CEST | 1.1.1.1 | 192.168.2.16 | 0xd412 | No error (0) | 64.233.185.106 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 16:50:24.052001953 CEST | 1.1.1.1 | 192.168.2.16 | 0xd412 | No error (0) | 64.233.185.104 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 16:50:24.052001953 CEST | 1.1.1.1 | 192.168.2.16 | 0xd412 | No error (0) | 64.233.185.103 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 16:50:24.052001953 CEST | 1.1.1.1 | 192.168.2.16 | 0xd412 | No error (0) | 64.233.185.105 | A (IP address) | IN (0x0001) | false | ||
Apr 25, 2024 16:50:24.052124023 CEST | 1.1.1.1 | 192.168.2.16 | 0x8bc6 | No error (0) | 65 | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49700 | 3.133.210.250 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 14:50:19 UTC | 849 | OUT | |
2024-04-25 14:50:19 UTC | 154 | IN | |
2024-04-25 14:50:19 UTC | 37 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49705 | 3.133.210.250 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 14:50:21 UTC | 875 | OUT | |
2024-04-25 14:50:21 UTC | 154 | IN | |
2024-04-25 14:50:21 UTC | 37 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49706 | 3.133.210.250 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 14:50:26 UTC | 875 | OUT | |
2024-04-25 14:50:26 UTC | 154 | IN | |
2024-04-25 14:50:26 UTC | 37 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49712 | 23.220.189.216 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 14:50:28 UTC | 161 | OUT | |
2024-04-25 14:50:28 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.16 | 49713 | 23.220.189.216 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 14:50:28 UTC | 239 | OUT | |
2024-04-25 14:50:28 UTC | 521 | IN | |
2024-04-25 14:50:28 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.16 | 49714 | 20.114.59.183 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 14:50:29 UTC | 306 | OUT | |
2024-04-25 14:50:30 UTC | 560 | IN | |
2024-04-25 14:50:30 UTC | 15824 | IN | |
2024-04-25 14:50:30 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.16 | 49711 | 3.133.210.250 | 443 | 6212 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 14:50:56 UTC | 875 | OUT | |
2024-04-25 14:50:56 UTC | 154 | IN | |
2024-04-25 14:50:56 UTC | 37 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.16 | 49716 | 20.114.59.183 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-25 14:51:07 UTC | 306 | OUT | |
2024-04-25 14:51:07 UTC | 560 | IN | |
2024-04-25 14:51:07 UTC | 15824 | IN | |
2024-04-25 14:51:07 UTC | 9633 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 16:50:17 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 16:50:17 |
Start date: | 25/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |