Windows
Analysis Report
https://rlx10ld2n.duckdns.org/
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 1472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 --field-trial-handle=2496,i,8889642804413005353,7146804908975303741,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://249208506065339175713065343682620339232232032338309340364496680261609853560675097851030655341200131817362917853377759200390001605154889513680026748787630195/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2000,i,15623481067491590330,11717577040349038917,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2272 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://rlx10ld2n.duckdns.org/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | DNS query: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | LNK file: | ||
Source: | Window detected: |
Source: | File created: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 14 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
rlx10ld2n.duckdns.org | 117.52.18.147 | true | true | unknown | |
www.google.com | 142.251.40.196 | true | false | high | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
false | high | ||
false | high | ||
false | high | ||
false | high | ||
false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
117.52.18.147 | rlx10ld2n.duckdns.org | Korea Republic of | 3786 | LGDACOMLGDACOMCorporationKR | true |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.251.40.196 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432420 |
Start date and time: | 2024-04-27 01:30:21 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 23s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://rlx10ld2n.duckdns.org/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal52.troj.win@26/8@4/4 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- URL not reachable
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.40.131, 142.250.80.78, 172.253.63.84, 34.104.35.123, 23.51.58.94, 20.114.59.183, 69.164.46.0, 104.117.182.73, 104.117.182.64, 192.229.211.108, 20.242.39.171, 13.85.23.206
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, clients.l.google.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://rlx10ld2n.duckdns.org/
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9813883365562255 |
Encrypted: | false |
SSDEEP: | 48:88dWTS2RHWidAKZdA19ehwiZUklqehTy+3:8dHugy |
MD5: | C2C5257DB025FC590854291E844FE0F5 |
SHA1: | 2B3FFB283B84A2C301F4A4456952A8C9EBF9AAEE |
SHA-256: | 32722AC0B8C01CD8C556D16F831844826B8A89217CB315B0888B969DA9723530 |
SHA-512: | 10455907E1F7B9B6D45ADD503928018B9EC29D34ADD1191AB5DA6A92F72CF807B91FFFBE9B0EEB4F6097908B93D044B0277F0E242D46F21AB7D913E337D1ACB9 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9951846324742784 |
Encrypted: | false |
SSDEEP: | 48:8TwdWTS2RHWidAKZdA1weh/iZUkAQkqehQy+2:8TZHs9Q5y |
MD5: | CDD7EF850C755AECDA8751F4582877B1 |
SHA1: | E0F4B4A1D2D2D5ED861F81C287E1BF0E6645F4AF |
SHA-256: | 21C8915923B2F210CC6BE14A30524FE2424599736F9DA31D5EB42F5F7DDFF3C9 |
SHA-512: | B9927F01D1B4383B51DE3749DCEA839441932252E2DA5D0A2867D4029ECDCCBC55360ED1D33EEF805E4587BB3DB6593666454C6683424099C2E9C99FB9FE444A |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.007259149186212 |
Encrypted: | false |
SSDEEP: | 48:8x3dWTS2sHWidAKZdA14tseh7sFiZUkmgqeh7suy+BX:8x4Hvnsy |
MD5: | 78ED8450D9A2FB1AF168944F2246B3DA |
SHA1: | F8111B4C3A0EECB67641EE0DF95DD7DA2FBE32BE |
SHA-256: | 0FA9F6D300DA434CAAD35F5F92B7298DB1695B01484725CA14C0F0868E47E427 |
SHA-512: | 8A15A384A0DF933BCDAA7EE9AC59DDB6B255DE8B12CDB04E9E74959DC9EF7E37AFF1C5A6F2DD0A6905D82A08ABA1F1D20D6C7D41F6EFA7C04EC0EFE6C0A55356 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9979030962938302 |
Encrypted: | false |
SSDEEP: | 48:8HdWTS2RHWidAKZdA1vehDiZUkwqehUy+R:8oHX2y |
MD5: | B1D8CC696DAF2F043C9B6446E904E90C |
SHA1: | AA03F2E90F7F0697D56B2C4C39F4224125EC08E9 |
SHA-256: | 20B8BF2380CED9CCE5DA0479F555C243244D6AA345541D2F9C8729AA462BCC60 |
SHA-512: | E15E978909E257FDB28CC2871FE2DB748E75785B81D59731B6169CD55B35441B8173DDCEA3A969E0DEF3610A7172F8D5061B54BAAD01CA272CAFE1C56D5859A2 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.983186864118485 |
Encrypted: | false |
SSDEEP: | 48:8LdWTS2RHWidAKZdA1hehBiZUk1W1qehqy+C:80Hn9Ky |
MD5: | F66BA7F337538D614F3BB0A63A72A934 |
SHA1: | 8E34375F7C8D445172EF6E63D4DDA1D04F8C84E5 |
SHA-256: | 6610FC8627E8F1011C30593563749AB3CE5923D7F60B52DDBE7C2659E3F4AB33 |
SHA-512: | 12D31CA5E21C76AB7462BAC8F2BC7152B1FBEF475C765FA05AC1AC0149B091036154ECA9DB31190E9E0BAC1A421EA98F5F8B6B7D74B014C4DDE51F1E0E353CF0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.995619105572347 |
Encrypted: | false |
SSDEEP: | 48:8KdWTS2RHWidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbsy+yT+:8rHvT/TbxWOvTbsy7T |
MD5: | CB605C773E5F705A69065AE4DFD4AF38 |
SHA1: | 64E5914AB31ABE1C8C64A5774E394E707E7E1C47 |
SHA-256: | 97769BDE171C38FC4C4A714AF141985273BD38280F04CA70D0AF550202D81B09 |
SHA-512: | 6DA55F424223D394EA9DE6EB227EAD54919B212E2AE957D54FC0266BE1A3A19750DC8D5FA691AD4DC02D3436266B64CE1342A800345BF980633DFD23D6D6DC1D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1738 |
Entropy (8bit): | 5.811591598690055 |
Encrypted: | false |
SSDEEP: | 48:KSAs0BgFKlgZ01RFwakR3q8xVH0g2zN3ruSEqHfffffo:Ka0BRliPD3q8XHkZdfffffo |
MD5: | 54D49BDF747FC76FD2884C9D2E0E823C |
SHA1: | 1AE6DECA2A0C685E20773FC2AA165A88D600FA74 |
SHA-256: | 58A231A8C54E7A7788A64738A94D4968D9BDD627F256F34A1726D958F883CD8C |
SHA-512: | A6C98E35A5219F73E1BF413FE040CB16A5BFB29CD2D426C2E7E6AE24E7EA9EB9287E3132F7A72F4EA4A0174D983319C418835F51846F3714462F85FCCFC3602D |
Malicious: | false |
Reputation: | low |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
Preview: |
Apr 27, 2024 01:31:40.463689089 CEST | 49727 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:40.463702917 CEST | 443 | 49727 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:40.465358973 CEST | 443 | 49727 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:40.465444088 CEST | 49727 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:40.467859983 CEST | 443 | 49727 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:40.467921019 CEST | 49727 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:40.482374907 CEST | 49727 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:40.482590914 CEST | 443 | 49727 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:40.531582117 CEST | 49727 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:40.531599998 CEST | 443 | 49727 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:40.576968908 CEST | 49727 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:41.672156096 CEST | 49729 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:41.672194004 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:41.672408104 CEST | 49729 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:41.672983885 CEST | 49729 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:41.673000097 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:41.683165073 CEST | 49727 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:41.728115082 CEST | 443 | 49727 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:42.256032944 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:42.259494066 CEST | 49729 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:42.259511948 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:42.260881901 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:42.261915922 CEST | 49729 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:42.262267113 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:42.312570095 CEST | 49729 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:42.769773006 CEST | 443 | 49727 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:42.769931078 CEST | 443 | 49727 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:42.769999981 CEST | 49727 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:44.197005033 CEST | 49727 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:44.197043896 CEST | 443 | 49727 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:44.197340012 CEST | 49729 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:44.244121075 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:44.482242107 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:44.482400894 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:44.482441902 CEST | 49729 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:44.482460976 CEST | 443 | 49729 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:44.482492924 CEST | 49729 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:44.483047962 CEST | 49730 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:44.483092070 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:44.483161926 CEST | 49730 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:44.483366013 CEST | 49730 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:44.483381987 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:45.060635090 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:45.061925888 CEST | 49730 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:45.061949015 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:45.062292099 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:45.062947035 CEST | 49730 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:45.063016891 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:45.063297033 CEST | 49730 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:45.108114004 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:45.629043102 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:45.629205942 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:45.629264116 CEST | 49730 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:45.630075932 CEST | 49730 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:45.630094051 CEST | 443 | 49730 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:50.650501013 CEST | 49731 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:50.650537014 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:50.650732040 CEST | 49731 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:50.651468039 CEST | 49732 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:50.651508093 CEST | 443 | 49732 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:50.651508093 CEST | 49731 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:50.651523113 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:50.651654005 CEST | 49732 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:50.652620077 CEST | 49732 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:50.652632952 CEST | 443 | 49732 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.223953009 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.224219084 CEST | 49731 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:51.224248886 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.225599051 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.225965977 CEST | 49731 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:51.226104975 CEST | 49731 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:51.226110935 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.226155996 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.228624105 CEST | 443 | 49732 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.228827953 CEST | 49732 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:51.228846073 CEST | 443 | 49732 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.230118990 CEST | 443 | 49732 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.230479956 CEST | 49732 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:51.230652094 CEST | 443 | 49732 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.272577047 CEST | 49731 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:51.272711039 CEST | 49732 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:51.788664103 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.788825989 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Apr 27, 2024 01:31:51.789048910 CEST | 49731 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:51.789150953 CEST | 49731 | 443 | 192.168.2.5 | 117.52.18.147 |
Apr 27, 2024 01:31:51.789165020 CEST | 443 | 49731 | 117.52.18.147 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 27, 2024 01:31:12.314534903 CEST | 53 | 54840 | 1.1.1.1 | 192.168.2.5 |
Apr 27, 2024 01:31:12.320761919 CEST | 53 | 55700 | 1.1.1.1 | 192.168.2.5 |
Apr 27, 2024 01:31:12.551518917 CEST | 52139 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 27, 2024 01:31:12.551919937 CEST | 62436 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 27, 2024 01:31:12.640248060 CEST | 53 | 52139 | 1.1.1.1 | 192.168.2.5 |
Apr 27, 2024 01:31:12.641118050 CEST | 53 | 62436 | 1.1.1.1 | 192.168.2.5 |
Apr 27, 2024 01:31:13.146038055 CEST | 53 | 57549 | 1.1.1.1 | 192.168.2.5 |
Apr 27, 2024 01:31:34.865880966 CEST | 53 | 57947 | 1.1.1.1 | 192.168.2.5 |
Apr 27, 2024 01:31:37.889110088 CEST | 55795 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 27, 2024 01:31:37.889914036 CEST | 56540 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 27, 2024 01:31:37.997636080 CEST | 53 | 56540 | 1.1.1.1 | 192.168.2.5 |
Apr 27, 2024 01:31:38.000164986 CEST | 53 | 55795 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 27, 2024 01:31:12.551518917 CEST | 192.168.2.5 | 1.1.1.1 | 0x26ea | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 01:31:12.551919937 CEST | 192.168.2.5 | 1.1.1.1 | 0xe4c7 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 27, 2024 01:31:37.889110088 CEST | 192.168.2.5 | 1.1.1.1 | 0x4a4e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 01:31:37.889914036 CEST | 192.168.2.5 | 1.1.1.1 | 0x97b | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 27, 2024 01:31:12.640248060 CEST | 1.1.1.1 | 192.168.2.5 | 0x26ea | No error (0) | | | 142.251.40.196 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 01:31:12.641118050 CEST | 1.1.1.1 | 192.168.2.5 | 0xe4c7 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 27, 2024 01:31:25.021698952 CEST | 1.1.1.1 | 192.168.2.5 | 0x66b9 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 27, 2024 01:31:25.021698952 CEST | 1.1.1.1 | 192.168.2.5 | 0x66b9 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 01:31:37.682528019 CEST | 1.1.1.1 | 192.168.2.5 | 0x6ade | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 27, 2024 01:31:37.682528019 CEST | 1.1.1.1 | 192.168.2.5 | 0x6ade | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 01:31:38.000164986 CEST | 1.1.1.1 | 192.168.2.5 | 0x4a4e | No error (0) | | | 117.52.18.147 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 01:31:51.759638071 CEST | 1.1.1.1 | 192.168.2.5 | 0xe2ef | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 27, 2024 01:31:51.759638071 CEST | 1.1.1.1 | 192.168.2.5 | 0xe2ef | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49708 | 142.251.40.196 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:12 UTC | 623 | OUT | |
2024-04-26 23:31:13 UTC | 1703 | IN | |
2024-04-26 23:31:13 UTC | 1703 | IN | |
2024-04-26 23:31:13 UTC | 42 | IN | |
2024-04-26 23:31:13 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49711 | 142.251.40.196 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:13 UTC | 526 | OUT | |
2024-04-26 23:31:13 UTC | 1843 | IN | |
2024-04-26 23:31:13 UTC | 458 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49709 | 142.251.40.196 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:13 UTC | 353 | OUT | |
2024-04-26 23:31:13 UTC | 1761 | IN | |
2024-04-26 23:31:13 UTC | 417 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49710 | 142.251.40.196 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:15 UTC | 738 | OUT | |
2024-04-26 23:31:15 UTC | 356 | IN | |
2024-04-26 23:31:15 UTC | 899 | IN | |
2024-04-26 23:31:15 UTC | 1255 | IN | |
2024-04-26 23:31:15 UTC | 959 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49714 | 142.251.40.196 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:15 UTC | 928 | OUT | |
2024-04-26 23:31:16 UTC | 356 | IN | |
2024-04-26 23:31:16 UTC | 899 | IN | |
2024-04-26 23:31:16 UTC | 1255 | IN | |
2024-04-26 23:31:16 UTC | 1031 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
5 | 192.168.2.5 | 49725 | 23.1.237.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:25 UTC | 2148 | OUT | |
2024-04-26 23:31:25 UTC | 1 | OUT | |
2024-04-26 23:31:25 UTC | 2483 | OUT | |
2024-04-26 23:31:26 UTC | 480 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49728 | 117.52.18.147 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:39 UTC | 664 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49727 | 117.52.18.147 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:41 UTC | 690 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49729 | 117.52.18.147 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:44 UTC | 690 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.5 | 49730 | 117.52.18.147 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:45 UTC | 690 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.5 | 49731 | 117.52.18.147 | 443 | 1472 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 23:31:51 UTC | 690 | OUT |
Target ID: | 0 |
Start time: | 01:31:03 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 01:31:10 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 01:31:10 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 01:31:11 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 01:31:36 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |