Windows
Analysis Report
https://navranggroup.in/sunpass/tollStep1.php
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 5768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2004,i,4437122725917647002,12439155649030252502,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 1632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1996,i,2056689125756923450,5456404167789698242,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 3500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://navranggroup.in/sunpass/tollStep1.php" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
- HTTPS traffic detected
- TCP traffic detected without corresponding DNS query
- UDP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- Network traffic detected
- Classification label
- File created
- Process created
- LNK file
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
navranggroup.in | 192.185.129.35 | true | false | unknown | |
www.google.com | 192.178.50.68 | true | false | high | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high | ||
false | high | ||
false | high | ||
false | high | ||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
192.178.50.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
192.185.129.35 | navranggroup.in | United States | 46606 | UNIFIEDLAYER-AS-1US | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432338 |
Start date and time: | 2024-04-26 21:49:28 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://navranggroup.in/sunpass/tollStep1.php |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | UNKNOWN |
Classification: | unknown1.win@25/8@4/4 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 192.178.50.35, 142.250.217.174, 74.125.139.84, 34.104.35.123, 23.204.76.112, 40.68.123.157, 199.232.210.172, 192.229.211.108, 52.165.164.15, 172.217.165.195, 142.250.217.227
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://navranggroup.in/sunpass/tollStep1.php
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9794167575191595 |
Encrypted: | false |
SSDEEP: | 48:8HdST++LH4idAKZdA19ehwiZUklqehey+3:8gbyty |
MD5: | 2E6D1134A18E4260F13D13E7CB18D2FA |
SHA1: | ADF8ACF38DE7D7E9FDCC9737BD76E2E42EF62E1A |
SHA-256: | 7496482982F810BFDE0AAC0CA67D5EE1D1B8D1960D6A326807A907DAD2267FC6 |
SHA-512: | AC5098247C32D9848C5F40E84F2BBDC348CE11866F420AA4EA544AE4DFA4A54CCC32B6EDDDB4237F4E581C39B010FC4964980E005D29B5A40DD60AF7482B546D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9947750299250626 |
Encrypted: | false |
SSDEEP: | 48:8cdST++LH4idAKZdA1weh/iZUkAQkqehdy+2:81bo9Q0y |
MD5: | C11951985B586DA1D05B1AAB918A861F |
SHA1: | 2FF2DDB2AE7487F47ADAB2DC81B861EBBF9AD4AF |
SHA-256: | 9EC3199C5567CA2842637903CB64466B8C5A46CF240036F027095FD494C39292 |
SHA-512: | E0A215CB518C31342682D5A9645A20E6A50493F0E59D74764DDBA322C628479668B674C5C48759094EC682C933C6A3264BDC0B5846A196BFA84F807FC4A8D644 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.005420817889297 |
Encrypted: | false |
SSDEEP: | 48:8x/dST++sH4idAKZdA14tseh7sFiZUkmgqeh7s7y+BX:8xobRnRy |
MD5: | 8F211566136EB38DF061753626DC17BB |
SHA1: | 349F405890FFF6B2BB64D40DE929BC6DCE65D3A7 |
SHA-256: | 7761168826AD1F2DD518F44BF898B0AA13E0AB1D5C0E9CF38E324A62DF6B0F28 |
SHA-512: | 322EC4F14D6C87AFEA9CF40769CFD3BBF76AF517D3B80E8150FE1F81A9D234022716F680C9BF8141A0F8B264DEF6DFE0C2C631A9369E7E20F5C9F5CC339B6CCF |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9941896870346416 |
Encrypted: | false |
SSDEEP: | 48:88dST++LH4idAKZdA1vehDiZUkwqehZy+R:8Vbzjy |
MD5: | 04CF592C24B7A438CEBEBAFB5065F23C |
SHA1: | CFD05F8387ADE3249A36F6D9C067B7F6BB012608 |
SHA-256: | 399FE01BE9F01DCCDD2E6E9625E2B39D14A3549DFE0379245D3EF0233BD43B4A |
SHA-512: | 2CB5EF6B040AE83DC4149B28BA593BD13C1788D91BB63C604CBEB9A811A4DE5138D43C3161F699E82BAAC3BA572394439D9222628161F4165A3AFFC484310010 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9830353445485525 |
Encrypted: | false |
SSDEEP: | 48:8QdST++LH4idAKZdA1hehBiZUk1W1qeh/y+C:8Rbj9fy |
MD5: | 252C982F144B1528938517734FD7FB63 |
SHA1: | 6DD5BC088DCFA41954FFA3C1A02C70782E8AA792 |
SHA-256: | 2029C029EB670694180E7F4231302167E0C641031ADBF0C26086DBDEC7111DC8 |
SHA-512: | 6F37763B519EAA7808701DF65635299FE7D4864F2AA4FF81C0123BB1DDF0D22EC1DDE6F1A9EDCF4B39E706BFCA3E60CF4611861BE0BEFC32D3627AC478780651 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9913122265006837 |
Encrypted: | false |
SSDEEP: | 48:8kdST++LH4idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbRy+yT+:8tbTT/TbxWOvTbRy7T |
MD5: | 98223280606B44D4991621EF5A2B9A5D |
SHA1: | C4DD9C9E66CF274925817BA618B576B592F0A1A4 |
SHA-256: | 08963695F669CC319E89477A138F09EBC676CBD94BA4B4538C8F3D084AA1F024 |
SHA-512: | 219688B9A3185BB3BD7C2EEEC92331C64959538E09F8E5CCF5A1DAEED6DDA4D7AA92A57B55F62442DE3243FDB0917557000FDE5F5E753701A3A2E182D853D63B |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3883 |
Entropy (8bit): | 5.812322157809642 |
Encrypted: | false |
SSDEEP: | 96:wZR4Qcli5H66668lBz9Iw1+3+n5KQNxFApWk1ofQfffo:uHqCH66668b/umJvTv |
MD5: | 867D071FBF7FC33AD69D0B6CADE9C6DF |
SHA1: | F5DFA3333AAA2C04604E86179251A148A1B844C2 |
SHA-256: | 938E6A1DDFF868CF9525E7C55C829428483686A7F873237399855A035A879344 |
SHA-512: | 878C2A96E3C7454E0DF763C0F5C32735C97EA7B5272A17D065E0F4477431C9B5A739EFF205E9A91AEA955F18B6334339EB2547EC89C9614F44A07BA9F180BB5C |
Malicious: | false |
Reputation: | low |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
Apr 26, 2024 21:51:27.700511932 CEST | 49737 | 443 | 192.168.2.5 | 192.178.50.68 |
Apr 26, 2024 21:51:27.700541019 CEST | 443 | 49737 | 192.178.50.68 | 192.168.2.5 |
Apr 26, 2024 21:51:28.026850939 CEST | 443 | 49737 | 192.178.50.68 | 192.168.2.5 |
Apr 26, 2024 21:51:28.027293921 CEST | 49737 | 443 | 192.168.2.5 | 192.178.50.68 |
Apr 26, 2024 21:51:28.027323961 CEST | 443 | 49737 | 192.178.50.68 | 192.168.2.5 |
Apr 26, 2024 21:51:28.027657986 CEST | 443 | 49737 | 192.178.50.68 | 192.168.2.5 |
Apr 26, 2024 21:51:28.028150082 CEST | 49737 | 443 | 192.168.2.5 | 192.178.50.68 |
Apr 26, 2024 21:51:28.028243065 CEST | 443 | 49737 | 192.178.50.68 | 192.168.2.5 |
Apr 26, 2024 21:51:28.082444906 CEST | 49737 | 443 | 192.168.2.5 | 192.178.50.68 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 21:50:23.880469084 CEST | 53 | 54465 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:50:23.986891031 CEST | 60281 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 26, 2024 21:50:23.987065077 CEST | 55198 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 26, 2024 21:50:24.109018087 CEST | 53 | 54382 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:50:24.112260103 CEST | 53 | 55198 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:50:24.112284899 CEST | 53 | 60281 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:50:26.280019999 CEST | 53 | 56464 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:50:47.358455896 CEST | 53 | 65320 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:50:49.476867914 CEST | 50394 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 26, 2024 21:50:49.477377892 CEST | 49327 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 26, 2024 21:50:49.740477085 CEST | 53 | 49327 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:50:49.744966984 CEST | 53 | 50394 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:51:08.454086065 CEST | 53 | 51050 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:51:19.570481062 CEST | 53 | 56059 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:51:23.287247896 CEST | 53 | 62677 | 1.1.1.1 | 192.168.2.5 |
Apr 26, 2024 21:51:30.928349972 CEST | 53 | 58607 | 1.1.1.1 | 192.168.2.5 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 21:50:23.986891031 CEST | 192.168.2.5 | 1.1.1.1 | 0xf8d3 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:50:23.987065077 CEST | 192.168.2.5 | 1.1.1.1 | 0x6edc | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 26, 2024 21:50:49.476867914 CEST | 192.168.2.5 | 1.1.1.1 | 0x5ac | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:50:49.477377892 CEST | 192.168.2.5 | 1.1.1.1 | 0x2647 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 21:50:24.112260103 CEST | 1.1.1.1 | 192.168.2.5 | 0x6edc | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 26, 2024 21:50:24.112284899 CEST | 1.1.1.1 | 192.168.2.5 | 0xf8d3 | No error (0) | | | 192.178.50.68 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:50:35.045207024 CEST | 1.1.1.1 | 192.168.2.5 | 0x46aa | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:50:35.045207024 CEST | 1.1.1.1 | 192.168.2.5 | 0x46aa | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:50:35.877217054 CEST | 1.1.1.1 | 192.168.2.5 | 0xe44c | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 21:50:35.877217054 CEST | 1.1.1.1 | 192.168.2.5 | 0xe44c | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:50:49.024296999 CEST | 1.1.1.1 | 192.168.2.5 | 0x2d2b | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 21:50:49.024296999 CEST | 1.1.1.1 | 192.168.2.5 | 0x2d2b | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:50:49.744966984 CEST | 1.1.1.1 | 192.168.2.5 | 0x5ac | No error (0) | | | 192.185.129.35 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:51:04.283483982 CEST | 1.1.1.1 | 192.168.2.5 | 0x9394 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 21:51:04.283483982 CEST | 1.1.1.1 | 192.168.2.5 | 0x9394 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 21:51:23.555521965 CEST | 1.1.1.1 | 192.168.2.5 | 0xc00f | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 26, 2024 21:51:23.555521965 CEST | 1.1.1.1 | 192.168.2.5 | 0xc00f | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49709 | 192.178.50.68 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:50:24 UTC | 623 | OUT | |
2024-04-26 19:50:24 UTC | 1703 | IN | |
2024-04-26 19:50:24 UTC | 1703 | IN | |
2024-04-26 19:50:24 UTC | 1703 | IN | |
2024-04-26 19:50:24 UTC | 484 | IN | |
2024-04-26 19:50:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49708 | 192.178.50.68 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:50:24 UTC | 353 | OUT | |
2024-04-26 19:50:25 UTC | 1815 | IN | |
2024-04-26 19:50:25 UTC | 427 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49710 | 192.178.50.68 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:50:24 UTC | 526 | OUT | |
2024-04-26 19:50:25 UTC | 1842 | IN | |
2024-04-26 19:50:25 UTC | 458 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49711 | 192.178.50.68 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:50:25 UTC | 353 | OUT | |
2024-04-26 19:50:26 UTC | 1761 | IN | |
2024-04-26 19:50:26 UTC | 417 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49714 | 192.178.50.68 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:50:26 UTC | 928 | OUT | |
2024-04-26 19:50:26 UTC | 356 | IN | |
2024-04-26 19:50:26 UTC | 899 | IN | |
2024-04-26 19:50:26 UTC | 1255 | IN | |
2024-04-26 19:50:26 UTC | 1032 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49716 | 192.178.50.68 | 443 | 5768 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 19:50:27 UTC | 738 | OUT | |
2024-04-26 19:50:27 UTC | 356 | IN | |
2024-04-26 19:50:27 UTC | 899 | IN | |
2024-04-26 19:50:27 UTC | 1255 | IN | |
2024-04-26 19:50:27 UTC | 960 | IN |
Target ID: | 0 |
Start time: | 21:50:14 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 21:50:21 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 21:50:21 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 21:50:22 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 21:50:48 |
Start date: | 26/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |