Windows
Analysis Report
FW URGENT RFQ-400098211.exe
Overview
General Information
Detection
AgentTesla
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: MSBuild connects to smtp port
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected UAC Bypass using CMSTP
.NET source code references suspicious native API functions
Allocates memory in foreign processes
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match
Classification
- System is w10x64
- FW URGENT RFQ-400098211.exe (PID: 5728 cmdline: "C:\Users\user\Desktop\FW URGENT RFQ-400098211.exe" MD5: EB22DF9E911F644327E4417B7E170727)
  - InstallUtil.exe (PID: 7216 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  - MSBuild.exe (PID: 7288 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  - WerFault.exe (PID: 7860 cmdline: C:\Windows\system32\WerFault.exe -u -p 5728 -s 1104 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
- chrome.exe (PID: 7232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(%08)192207080962112986271363245700090061668218406782359533476819003707/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 7572 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 --field-trial-handle=2392,i,10964861050037891216,14656894280507300521,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
{"Exfil Mode": "SMTP", "Port": "587", "Host": "terminal4.veeblehosting.com", "Username": "appo@kailmaticarbon.com", "Password": "Ifeanyi1987@"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
Networking |
---|
Source: | Author: Joe Security: |
System Summary |
---|
Source: | Author: Kiran kumar s, oscd.community: |
⊘No Snort rule has matched
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Exploits |
---|
Source: | File source: |
Source: | HTTP Parser: |
Source: | Static PE information: |
Source: | Binary string: |
Networking |
---|
Source: | File source: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | .Net Code: |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Process created: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Matched rule: |
Source: | Cryptographic APIs: |
Source: | Suspicious URL: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File opened: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | File source: |
Source: | HTTP traffic detected: |
Source: | WMI Queries: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Code function: | 3_2_018970B0 |
Source: | Process queried: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Reference to suspicious API methods: | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 311 Process Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | 1 Credentials in Registry | 431 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 151 Virtualization/Sandbox Evasion | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 151 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 311 Process Injection | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Detection | Scanner | Label |
---|---|---|
38% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
30% | Virustotal | |
100% | Joe Sandbox ML | |
⊘No Antivirus matches
⊘No Antivirus matches
Detection | Scanner | Label |
---|---|---|
0% | Virustotal | |
0% | Virustotal | |
Detection | Scanner | Label |
---|---|---|
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown |
plus.l.google.com | 172.217.12.142 | true | false | | high |
www3.l.google.com | 142.250.72.142 | true | false | | high |
www.google.com | 142.250.68.4 | true | false | | high |
ip-api.com | 208.95.112.1 | true | false | | high |
terminal4.veeblehosting.com | 108.170.55.203 | true | false | | high |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
ogs.google.com | unknown | unknown | false | | high |
apis.google.com | unknown | unknown | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.68.4 | www.google.com | United States | 15169 | GOOGLEUS | false |
108.170.55.203 | terminal4.veeblehosting.com | United States | 20454 | SSASN2US | false |
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false |
172.217.12.142 | plus.l.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.72.142 | www3.l.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1436367 |
Start date and time: | 2024-05-04 20:22:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | FW URGENT RFQ-400098211.exe |
Detection: | MAL |
Classification: | mal100.spre.troj.spyw.expl.evad.winEXE@24/38@8/7 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.188.227, 142.250.72.174, 142.250.141.84, 34.104.35.123, 172.217.12.131, 20.190.190.194, 20.190.190.129, 40.126.62.132, 40.126.62.131, 20.190.190.195, 40.126.62.130, 40.126.62.129, 20.190.190.131, 199.232.210.172, 192.229.211.108, 72.247.100.147, 52.165.165.26, 20.242.39.171, 20.189.173.20, 13.85.23.206, 52.168.117.173, 142.250.189.3, 20.42.73.29, 13.89.179.12, 142.250.217.142, 142.250.176.3, 20.42.65.92
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ssl.gstatic.com, slscr.update.microsoft.com, clientservices.googleapis.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, sls.update.microsoft.com, update.googleapis.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, clients1.google.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, fonts.gstatic.com, www.tm.v4.a.prd.aadg.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.micr
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
20:22:56 | API Interceptor | |
20:23:13 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla, PureLog Stealer |
208.95.112.1 | malicious | AgentTesla, PureLog Stealer |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla, PureLog Stealer |
208.95.112.1 | malicious | AgentTesla, PureLog Stealer |
208.95.112.1 | malicious | AgentTesla, PureLog Stealer |
208.95.112.1 | malicious | AgentTesla |
208.95.112.1 | malicious | AgentTesla, PureLog Stealer |
208.95.112.1 | malicious | Exela Stealer, Growtopia, Python Stealer |
108.170.55.203 | malicious | AgentTesla |
108.170.55.203 | malicious | AgentTesla |
108.170.55.203 | malicious | AgentTesla |
108.170.55.203 | malicious | AgentTesla |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | Tofsee |
239.255.255.250 | malicious | Unknown |
239.255.255.250 | malicious | LockBit ransomware, PureLog Stealer |
239.255.255.250 | malicious | AgentTesla |
239.255.255.250 | malicious | AgentTesla |
239.255.255.250 | malicious | AgentTesla, PureLog Stealer |
239.255.255.250 | malicious | AgentTesla, PureLog Stealer |
239.255.255.250 | malicious | XWorm |
239.255.255.250 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
fp2e7a.wpc.phicdn.net | malicious | Unknown |
fp2e7a.wpc.phicdn.net | malicious | PureLog Stealer, zgRAT |
fp2e7a.wpc.phicdn.net | malicious | PureLog Stealer, zgRAT |
fp2e7a.wpc.phicdn.net | malicious | PureLog Stealer |
fp2e7a.wpc.phicdn.net | malicious | AgentTesla, PureLog Stealer |
fp2e7a.wpc.phicdn.net | malicious | AgentTesla, PureLog Stealer |
fp2e7a.wpc.phicdn.net | malicious | AgentTesla |
fp2e7a.wpc.phicdn.net | malicious | AgentTesla |
fp2e7a.wpc.phicdn.net | malicious | AsyncRAT, PureLog Stealer, XWorm |
fp2e7a.wpc.phicdn.net | malicious | Unknown |
terminal4.veeblehosting.com | malicious | AgentTesla |
terminal4.veeblehosting.com | malicious | AgentTesla |
terminal4.veeblehosting.com | malicious | AgentTesla, Discord Token Stealer |
terminal4.veeblehosting.com | malicious | AgentTesla |
terminal4.veeblehosting.com | malicious | AgentTesla |
terminal4.veeblehosting.com | malicious | AgentTesla |
terminal4.veeblehosting.com | malicious | AgentTesla |
terminal4.veeblehosting.com | malicious | AgentTesla |
terminal4.veeblehosting.com | malicious | AgentTesla |
terminal4.veeblehosting.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla, PureLog Stealer |
ip-api.com | malicious | AgentTesla, PureLog Stealer |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla, PureLog Stealer |
ip-api.com | malicious | AgentTesla, PureLog Stealer |
ip-api.com | malicious | AgentTesla, PureLog Stealer |
ip-api.com | malicious | AgentTesla |
ip-api.com | malicious | AgentTesla, PureLog Stealer |
ip-api.com | malicious | Exela Stealer, Growtopia, Python Stealer |
bg.microsoft.map.fastly.net | malicious | PureLog Stealer |
bg.microsoft.map.fastly.net | malicious | AgentTesla, PureLog Stealer |
bg.microsoft.map.fastly.net | malicious | AgentTesla, PureLog Stealer |
bg.microsoft.map.fastly.net | malicious | FormBook, GuLoader |
bg.microsoft.map.fastly.net | malicious | AgentTesla, GuLoader |
bg.microsoft.map.fastly.net | malicious | AgentTesla |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | Unknown |
bg.microsoft.map.fastly.net | malicious | AsyncRAT, PureLog Stealer, XWorm |
bg.microsoft.map.fastly.net | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
SSASN2US | malicious | AgentTesla |
SSASN2US | malicious | AgentTesla |
SSASN2US | malicious | Unknown |
SSASN2US | malicious | Unknown |
SSASN2US | malicious | Mirai |
SSASN2US | malicious | AgentTesla, Discord Token Stealer |
SSASN2US | malicious | AgentTesla |
SSASN2US | malicious | Mirai |
SSASN2US | malicious | Mirai, Gafgyt |
SSASN2US | malicious | AgentTesla |
TUT-ASUS | malicious | AgentTesla |
TUT-ASUS | malicious | AgentTesla, PureLog Stealer |
TUT-ASUS | malicious | AgentTesla, PureLog Stealer |
TUT-ASUS | malicious | AgentTesla |
TUT-ASUS | malicious | AgentTesla, PureLog Stealer |
TUT-ASUS | malicious | AgentTesla, PureLog Stealer |
TUT-ASUS | malicious | AgentTesla, PureLog Stealer |
TUT-ASUS | malicious | AgentTesla |
TUT-ASUS | malicious | AgentTesla, PureLog Stealer |
TUT-ASUS | malicious | Exela Stealer, Growtopia, Python Stealer |
⊘No context
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_FW URGENT RFQ-40_7b4ba10a7e256748f6f118029da9b3f3baca43_b2e69f44_3f478f6a-47e9-4ca9-9e2c-ed1dc2481a54\Report.wer
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0600646971046248 |
Encrypted: | false |
SSDEEP: | 192:MpGoE7lg+i0eVh3aWBei+uzuiF9Z24lO8i3g:WGoClgYeVh3amEuzuiF9Y4lO8i3 |
MD5: | D2BFB188D8E3FE3188D26106898B9897 |
SHA1: | BDC62CF63DD16B56181CFB3EF6E95925E276867F |
SHA-256: | 3657C50002DC45FA9932F31CB9591925CA9850192888189986E5141BAE6F7929 |
SHA-512: | FF60A26DF2D64DB55D446BB1152472A820A0654FDB5CD4F8E50F146BB97F5EFFCB01BA6E4A75F15A519C24B12923628669F3CF8330C250D4BC615B0B569EAF9E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 454379 |
Entropy (8bit): | 3.412903267066276 |
Encrypted: | false |
SSDEEP: | 3072:vkz0pfXgV6bDu+cyWs4fvjwPHTbjEXr6bJ2DcSfSnleR/s5FTyLBQ71CCq3lVCpA:s6X04Du+brCM2XKSs2LGzq4A3Q |
MD5: | 11821CC6265A856589D2B6C9E52F5264 |
SHA1: | FF8DCB6509E09B4CAE0E30D9D69B3AD9176C2594 |
SHA-256: | EC036A0D02BE633E194A5E8543824AC4A2893B23182273C5EA903777A84D2A0A |
SHA-512: | 8A4392DAF3C4C85E2D96BB5F2B647D25667368A5DDAA82F36773AB4048E3BC7E63A23619652BB0019D028E23170EE048AE89186BA87D63A3BE07414F7285A17E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8688 |
Entropy (8bit): | 3.7097608947459677 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJgegP6Y92VeRgmfZ7Mpr889bOCTf56m:R6lXJRy6YsVeRgmf1IOOfV |
MD5: | CC225539B8BDC48F9EA1562A518314FC |
SHA1: | 5873DA670E86A4CD7FAA9337DFDD9EE31478AB02 |
SHA-256: | 5B5C5C845C86C00020CB19819E059FD9A590AEA82A3CF3B495592C6E9F6C123B |
SHA-512: | 28B2A500C0F1C04157C7973653D31DD1E6BBE81D423C1261EF3D31A8F5B2F891DA8E41E0EDEE58CF97278EFB19D65226178462A7AE0B8A5C21938CC978C6FBC9 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4893 |
Entropy (8bit): | 4.554438901647365 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsSQJg771I92JWpW8VYdYm8M4J5E6F8Eyq8vaEDnEHwpgd:uIjfjI7947VpJqCWDDnwwpgd |
MD5: | FAC515654330C9ED14CBB65B5BD673CE |
SHA1: | 81781258CA2FF7FB1FAFA938A88FF9CFDE93A939 |
SHA-256: | C0663C54F479D47FFB9C12AE25B1BF8E4568FE3F291D4D6310C9D89C08B837BE |
SHA-512: | E099FA47DE70E35CF749AF40680D5D988F3E6C43DFB31351AC0F70953D170B2E6582BF8BA8FC7E8424E5F051A171AAD85060B7C3381CFA827881E0DD593B8AA8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\System32\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.466156729550912 |
Encrypted: | false |
SSDEEP: | 6144:iIXfpi67eLPU9skLmb0b4mWSPKaJG8nAgejZMMhA2gX4WABl0uNXdwBCswSb+:HXD94mWlLZMM6YFHl++ |
MD5: | A8CDC0657DDE0F727ADB7E6BA21C6E10 |
SHA1: | 0D6DB5DA8EC2E34D108BDEEF7E381148F3F94F66 |
SHA-256: | AB4E2A9E0CABA87FB968D8A9B011F4ACA020AEBE8A054D8183A107734FDCC120 |
SHA-512: | FF58AAD5FD38369AEDDBB0366BADEFA00E3E95F2F2D880A3B1C369E9E398A90C1F8FBE96F6E0C47301DC2B4A10B5B1BA32720D9973F1A53462671FB18EB928F5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 264743 |
Entropy (8bit): | 5.479126042995795 |
Encrypted: | false |
SSDEEP: | 3072:XdPMHc2NQzfk5eINolYDt6QYGfOvNoK42TCboc:yNQz4NolQwQz2lVZmboc |
MD5: | 951F5CB1728D3C62E6006801A61D2BE3 |
SHA1: | 3B9B0CD9203226263F8E32B336ADC5532E54A308 |
SHA-256: | A50889187D77C8E3E0439A0D5C155159EAA7A3DBEC35111D7131EC88C0A228F7 |
SHA-512: | E030EBF4A1683F176C1873DAD0B717D307253CC0EA1D40BF39F22E3B95C71FCD58907A6B1DFE9F9740FBE1303C59DF1FE70E4B102BFA86269EC49AAA29664FB8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQM/d=1/exm=_b,_tp/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHsB0Pas7nSw8Vhs7WLnzEaRZWd_gA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,OTA3Ae,COQbmf,fKUV3e,aurFic,U0aPgd,ZwDk9d,V3dDOb,mI3LFb,aDfbSd,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,OmgaI,lazG7b,XVMNvd,L1AAkb,KUM7Z,Mlhmy,s39S4,lwddkf,gychg,w9hDv,EEDORb,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,ZfAoz,mdR7q,wmnU7d,xQtZb,JNoxi,kWgXee,MI6k7c,kjKdXe,BVgquf,QIhFr,ovKuLd,hKSk3e,yDVVkb,hc6Ubd,SpsfSb,KG2eXe,Z5uLle,MdUzUe,VwDzFe,zbML3c,A7fCU,zr1jrb,Uas9Hd,pjICDe" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 163286 |
Entropy (8bit): | 5.544045381504343 |
Encrypted: | false |
SSDEEP: | 3072:CMiFOP4roKgkk/EFZMQbxjZW1BKo6JMI6l0nt8Uv1ziwtXOmDsY+WwYLF/HrY7+A:CMiroKfbMQbxjZW1BKo6JMI6l0nt8Uvq |
MD5: | 9D9987F6E83F101A097A0BD64A14C71B |
SHA1: | E71E10897E0E874DE4D12125D5DF2F7FCE08F585 |
SHA-256: | D0975FC00A61201A54714BE8DF5E50F02B277E133BA08ABD9DEEA33934FA28A9 |
SHA-512: | 5AE557145F0E0FF3E768AFC63B3E4855F53DCA49D46A22ACB169CC6DC58FF2B11C776B419141EB12C8B0CF7BBD16E928F9EE5AF5014DD976130B00A1995B325E |
Malicious: | false |
Reputation: | moderate, very likely benign file |
URL: | "https://www.gstatic.com/og/_/js/k=og.qtm.en_US.Ics7SFQVxbg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTtpRznzVJk75Y4TcT-zpGGUjebtAg" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 4257 |
Entropy (8bit): | 5.8265994727502495 |
Encrypted: | false |
SSDEEP: | 96:a23EnliEIN6666VRwTGu/tE6ZgnkmIMfGeN/eN8hMgnd9z9KfffQfo:+lwN6666VSj/tE61mIMfGeN/A8H9R0 |
MD5: | E48EB32F54F5439D1670AB9935CE7D1B |
SHA1: | 6CBD44658228E8591002AEBEC0D311089C199489 |
SHA-256: | 08BEA4D7DF9EEF190534B3C46E7D6C391D43C7943C854AEB3766F29B6252AC1A |
SHA-512: | 5A6BAA9858AE1E2C869BBF20AAAB02B1CB7461D81E07F2A33DCA5F551FDA4ED7563C47896274C4E0C53854D076169BDF203794E1B9FD7315E9B776658D7EACC4 |
Malicious: | false |
URL: | https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 18834 |
Entropy (8bit): | 5.407489764960331 |
Encrypted: | false |
SSDEEP: | 384:aRFPTuu4q5oOTm1j8B0K5WXv/8bU2wnO/mgzI4QSIZ0n9vDBTTY0TXCnh/9Clf9c:a/Tuu4q5oOTLB0K5WXv/8bU2wnO/mgze |
MD5: | 676CD2F5702D832A1E3E2F08257FEB37 |
SHA1: | 1019B84107A8F84A77A651BDCBE0A7F425DE3661 |
SHA-256: | F58B6E0D4393A8BB15423EC49867875FB38EB820E0A7D13A7E80F4DCE7EB342E |
SHA-512: | FF43FA6A37CE55F660052AE71F9301064638BC6D14F0DE8161E3E4E9C66D7CC5BE72D752540031BFF801228F905DDBA515DFAE15DFC6AAAC0654691C2A0AE365 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aDfbSd,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHsB0Pas7nSw8Vhs7WLnzEaRZWd_gA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=RqjULd" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 137432 |
Entropy (8bit): | 7.981759932974614 |
Encrypted: | false |
SSDEEP: | 3072:SWkkEsWBwvkw/2i4fhpATVmE6383x4L6EWL3UQ7lE7sPE:SVAwwswerUv3S4nhdPE |
MD5: | 387ED93F42803B1EC6697E3B57FBCEF0 |
SHA1: | 2EA8A5BFBF99144BD0EBAEBE60AC35406A8B613E |
SHA-256: | 982AAC952E2C938BD55550D0409ECE5F4430D38F370161D8318678FA25316587 |
SHA-512: | 7C90F69A53E49BAD03C4CEFD9868B4C4BA145E5738218E8C445FF6AE5347153E3A2F2B918CBE184B0366AFD53B984634D2894FEA6F31A4603E58CCB6BFA5C625 |
Malicious: | false |
URL: | https://ssl.gstatic.com/gb/images/sprites/p_2x_387ed93f4280.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 184069 |
Entropy (8bit): | 5.457765888899575 |
Encrypted: | false |
SSDEEP: | 3072:JaXH2HHSBV2qoSKRd8mQ3jfA8j3yViKE5rmVqpzE:fHgxohRdUfFyQKEnpzE |
MD5: | 92EEFFE57524E80329BE5C39E3442D12 |
SHA1: | EAA1A2226A503A59A2506BFC5031077DBED51AE1 |
SHA-256: | A206F391DFA17782AF610C772392E25F2DF7EA947A7CE17B449ACF45DD5BF854 |
SHA-512: | 8B2C2FC7D6A938493A1437B5901A369D228E4AB1183144AF9582301E0C5A7CBE31E7DADF4B51E75ECF113C3D5F2935FD2FAAD6D64F9FA1FC65D06BE5959029B0 |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/am=EGDQuQM/d=1/excm=_b,_tp,appwidgetnoauthview/ed=1/dg=0/wt=2/ujg=1/rs=AM-SdHvidsrb0WJIkPFTwXnDxsLdoIl5-Q/m=_b,_tp" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 29 |
Entropy (8bit): | 3.9353986674667634 |
Encrypted: | false |
SSDEEP: | 3:VQAOx/1n:VQAOd1n |
MD5: | 6FED308183D5DFC421602548615204AF |
SHA1: | 0A3F484AAA41A60970BA92A9AC13523A1D79B4D5 |
SHA-256: | 4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D |
SHA-512: | A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5 |
Malicious: | false |
URL: | https://www.google.com/async/newtab_promos |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3505 |
Entropy (8bit): | 5.552095288109031 |
Encrypted: | false |
SSDEEP: | 96:86yHtxMPvVSbAtxNYiSJ6vq67pSlIcBfGx:FwIOT6L0IIc |
MD5: | 6745EB04C880EA1849D0DD81B61F4FE9 |
SHA1: | EF6EDD0581F24E02C423FBC551B9D9F060F2404C |
SHA-256: | F196C197EF86BA3427D8284E2273FE8932BBC2AFF02931E4273F6840927518B2 |
SHA-512: | 7AB9D78668D5E83FBCFF092223379426141EDEDE6088136BD578E86D2E59ACCC2ABF1A86C34001DCB6528E6F735B46816259ED2F4E82D69BA9CCB97DFA42C49A |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aDfbSd,aW3pY,aurFic,bm51tf,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHsB0Pas7nSw8Vhs7WLnzEaRZWd_gA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3572 |
Entropy (8bit): | 5.140651484312947 |
Encrypted: | false |
SSDEEP: | 48:vZUJVKLICJEconBdpZUvGCUvGULHg7OTehn5hsbrc7g8IO8u0Y8D2n:yJYI/coXqCg7OSfg8IO8uB8D2n |
MD5: | 122C0858F7D38991F14E5ADC6BDB3C3B |
SHA1: | FFC64755EB42990A73C4878426A641CFB94B57EE |
SHA-256: | 06D1296A6F6611AC795B27882FE88823EE857D0F49F7018CF00C6A199976DC0D |
SHA-512: | 149A1FB533C8C7D5EA363B80982DC1EC4C39E5EF9BB37E45BC80E105B18C3FA4DC610449BBD70DE9B9AC7339FEBBBD4FF76C2A9D1FD104D1943A386539AC4D44 |
Malicious: | false |
URL: | "https://www.gstatic.com/og/_/ss/k=og.qtm.RS0dNtaZmo0.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuhe2hCYlalU7rKCW-qT_-zMhVRaw" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1424 |
Entropy (8bit): | 5.31660097498527 |
Encrypted: | false |
SSDEEP: | 24:kWfS+Xg1QmYTY29/RbFTVebYaThG8VgI4+O6tp41SZGbwfKGbeZPx/sMGOwsNEZ9:ZfS+wmmc/bFpw/A8R3fpWgGb+KGbipsZ |
MD5: | 13D1BE6BC9AA2CA332D553D2D4491DE1 |
SHA1: | F7E7A540E69006ED7470EB2AED4EF19BE4A1AF0C |
SHA-256: | 4C205DD66FDACFF32EB2B63273FB74DB1E29DBD5C9B97F0F6641378174257F39 |
SHA-512: | A1DD99D4ED179D4FA138A7C500589896F3A5DA06758ED72F67D05243519FB5EADF2184D9B67F0F9337FF55B5F5982D93245A8FF41E6F8F1D619CAC8D47C9FF4A |
Malicious: | false |
URL: | "https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.atEDuNh539g.es5.O/ck=boq-one-google.OneGoogleWidgetUi.tmXdt9lP4MI.L.B1.O/am=EGDQuQM/d=1/exm=A7fCU,BVgquf,COQbmf,EEDORb,EFQ78c,GkRiKb,IZT63,JNoxi,KG2eXe,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,Mlhmy,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,OmgaI,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,U0aPgd,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,VwDzFe,XVMNvd,Z5uLle,ZfAoz,ZwDk9d,_b,_tp,aDfbSd,aW3pY,aurFic,byfTOb,e5qFLc,fKUV3e,gychg,hKSk3e,hc6Ubd,kWgXee,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,ovKuLd,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yDVVkb,zbML3c,zr1jrb/excm=_b,_tp,appwidgetnoauthview/ed=1/wt=2/ujg=1/rs=AM-SdHsB0Pas7nSw8Vhs7WLnzEaRZWd_gA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:QIhFr;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=bm51tf" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 137077 |
Entropy (8bit): | 5.441035278670538 |
Encrypted: | false |
SSDEEP: | 1536:jdGuEygn2zuFRDP6nWysx3DMqPKnrzNSpGiV1p+RHPGb4guj1i8jZRLM9rZxMkPr:Dmnoap3DTKnrQpG4nQUdup6ZxMkmwXd |
MD5: | 5CEB2FE15490C26E3E57A026EAB83B62 |
SHA1: | 2E106BCBCE03227347322C1008FC07F070EA0FC5 |
SHA-256: | F8D21EF95FDF1BD0D553DCB1FBD26976447AE22C66EDF9BD5E041AFE5B01836E |
SHA-512: | 389CDE2F0589E33DEB0C42C39B9A9FB3948A0E52ECFECF86A8DD57BFFA599ACA1C75CA8D1FFB19CFDA72EEA483CB21A0486D91C904D59243350D9463053272F3 |
Malicious: | false |
URL: | https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 137432 |
Entropy (8bit): | 7.981759932974614 |
Encrypted: | false |
SSDEEP: | 3072:SWkkEsWBwvkw/2i4fhpATVmE6383x4L6EWL3UQ7lE7sPE:SVAwwswerUv3S4nhdPE |
MD5: | 387ED93F42803B1EC6697E3B57FBCEF0 |
SHA1: | 2EA8A5BFBF99144BD0EBAEBE60AC35406A8B613E |
SHA-256: | 982AAC952E2C938BD55550D0409ECE5F4430D38F370161D8318678FA25316587 |
SHA-512: | 7C90F69A53E49BAD03C4CEFD9868B4C4BA145E5738218E8C445FF6AE5347153E3A2F2B918CBE184B0366AFD53B984634D2894FEA6F31A4603E58CCB6BFA5C625 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 15344 |
Entropy (8bit): | 7.984625225844861 |
Encrypted: | false |
SSDEEP: | 384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw |
MD5: | 5D4AEB4E5F5EF754E307D7FFAEF688BD |
SHA1: | 06DB651CDF354C64A7383EA9C77024EF4FB4CEF8 |
SHA-256: | 3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC |
SHA-512: | 7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48 |
Malicious: | false |
URL: | https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1660 |
Entropy (8bit): | 4.301517070642596 |
Encrypted: | false |
SSDEEP: | 48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD |
MD5: | 554640F465EB3ED903B543DAE0A1BCAC |
SHA1: | E0E6E2C8939008217EB76A3B3282CA75F3DC401A |
SHA-256: | 99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52 |
SHA-512: | 462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0 |
Malicious: | false |
URL: | https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 121628 |
Entropy (8bit): | 5.506662476672723 |
Encrypted: | false |
SSDEEP: | 3072:QI9yvwslCsrCF9f/U2Dj3Fkk7rEehA5L1kx:l9ygsrieDkVaL1kx |
MD5: | F46ACD807A10216E6EEE8EA51E0F14D6 |
SHA1: | 4702F47070F7046689432DCF605F11364BC0FBED |
SHA-256: | D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086 |
SHA-512: | 811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028 |
Malicious: | false |
URL: | "https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 53484 |
Entropy (8bit): | 5.740191451553308 |
Encrypted: | false |
SSDEEP: | 768:kcEghhvpuxWl1C6k/Z2aFe045V6HbWb1JMYfI1QzFJ/N4tx0AyvU:x1CfbWP7fII1yx4vU |
MD5: | 326D17BD9F7CCA8358115BD197B5A99D |
SHA1: | 6BE26813CFD8E9BFF067315C39C61DCD51FA4FD3 |
SHA-256: | 8C0F68565A374CA69966BB964590DC6EDA449BE28059E5FFD76C66CE9CD1F46C |
SHA-512: | 0EFE8ACF385D391D545973CEBEC65F57461941746A9106D36CD47662E25A9788D86BFB749C81911AE58E404CAECE3CF0E0D229BF82FF22E4BD25F10ADD5D760B |
Malicious: | false |
URL: | https://ogs.google.com/widget/app/so?awwd=1&gm3=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin=chrome%3A%2F%2Fnew-tab-page&cn=app&pid=1&spid=243&hl=en |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 19 |
Entropy (8bit): | 3.6818808028034042 |
Encrypted: | false |
SSDEEP: | 3:VQRWN:VQRWN |
MD5: | 9FAE2B6737B98261777262B14B586F28 |
SHA1: | 79C894898B2CED39335EB0003C18B27AA8C6DDCD |
SHA-256: | F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73 |
SHA-512: | 29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36 |
Malicious: | false |
URL: | https://www.google.com/async/ddljson?async=ntp:2 |
Preview: |
File type: | |
Entropy (8bit): | 7.983684592136021 |
TrID: |
File name: | FW URGENT RFQ-400098211.exe |
File size: | 637'340 bytes |
MD5: | eb22df9e911f644327e4417b7e170727 |
SHA1: | fc4be943bdd75bea11402dafd25eac549662adfd |
SHA256: | 2b45e61ed11c6c785371e18c12018cc5ffbe85e5caa889b3101312f80677dd80 |
SHA512: | 01de24ecba8390a7ea193e0d22a95a7e0980744a9448cea7b753335b1949d222d4a30a3fc3413ef1ba8aad3135d412bac3fa0fd2c160fcb140b170e40eb63471 |
SSDEEP: | 12288:Slu3EQ1olbFupM4efMr6LNXRRNb6d2P2AdiSqIhaN4s5mi:SlEEQQ6Trm9RHb62PDqi/Omi |
TLSH: | 67D423E8D2FC641BF1BA4E755CF352685CFB7D66015AC38E944A04B92B3972033A1F62 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....6............"...0..u............... ....@...... ....................................`................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x400000 |
Entrypoint Section: | |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x8E923614 [Wed Oct 18 13:39:32 2045 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: |
Instruction |
---|
dec ebp |
pop edx |
nop |
add byte ptr [ebx], al |
add byte ptr [eax], al |
add byte ptr [eax+eax], al |
add byte ptr [eax], al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x950 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x9466 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x7518 | 0x7600 | 681fb733300a20d15da98b81741753eb | False | 0.5777939618644068 | data | 6.297461876225848 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0xa000 | 0x950 | 0xa00 | 391d88eb5dfbef60c785ba2e827171b0 | False | 0.2421875 | data | 3.743868586898606 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0xa070 | 0x470 | data | | | 0.4753521126760563 |
RT_VERSION | 0xa4e0 | 0x470 | data | English | United States | 0.477112676056338 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2024 20:22:58.940493107 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:22:59.341315985 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:22:59.508852005 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:22:59.508872986 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:22:59.508887053 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:22:59.508900881 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:22:59.508932114 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:22:59.511395931 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:22:59.559287071 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:22:59.627563953 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:22:59.627592087 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:22:59.627641916 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:22:59.638668060 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:22:59.638684988 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:22:59.717653036 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:22:59.793440104 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:22:59.950778961 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:22:59.950988054 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:22:59.951006889 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:22:59.951463938 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:22:59.952003002 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:22:59.952049971 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:22:59.952301025 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:22:59.956871033 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:22:59.956931114 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:22:59.957048893 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:22:59.957055092 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.108692884 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.110752106 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:00.111032009 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:23:00.252305031 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.252346992 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.252377033 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.252377987 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.252391100 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.252422094 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.252424002 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.252429962 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.252468109 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.252473116 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.263964891 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.264014006 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.264020920 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.273621082 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.273663044 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.273669004 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.284327984 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.284480095 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.284486055 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.309020996 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:00.344548941 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:00.344841003 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:23:00.401608944 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.401633978 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.401757956 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.401773930 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.401819944 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.406799078 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.417275906 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.417296886 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.417330980 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.417340040 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.417373896 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.428343058 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.438870907 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.438896894 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.438914061 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.438920021 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.438956976 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.448642969 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.459127903 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.459158897 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.459175110 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.459182978 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.459218025 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.468988895 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.479619026 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.479646921 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.479659081 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.479664087 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.479701996 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.491214037 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.500570059 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.500597954 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.500618935 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.500623941 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.500658035 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.506702900 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:00.506717920 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:00.506896019 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:23:00.510668039 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.520459890 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.520486116 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.520610094 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.520616055 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.520654917 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.528017044 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.551024914 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.551065922 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.551079035 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.551083088 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.551111937 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.555367947 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.563496113 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.563517094 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.563540936 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.563548088 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.563582897 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.571274042 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.578563929 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.578587055 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.578605890 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.578619957 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.578658104 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.585843086 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.593111992 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.593137980 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.593172073 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.593180895 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.593214035 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.600409985 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.604073048 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.604115963 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.604123116 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.611352921 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.611394882 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.611401081 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.618650913 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.618694067 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.618702888 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.625912905 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.625951052 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.625957966 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.633238077 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.633457899 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.633465052 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.640465021 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.640594959 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.640614986 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.647790909 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.647838116 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.647845984 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.654997110 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.655044079 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.655049086 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.662185907 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.662231922 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.662236929 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.669105053 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.669150114 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.669153929 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.675653934 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.676182985 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.676187038 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.688292980 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.688338041 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.688343048 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.691302061 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.693444014 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.693454027 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.697326899 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.702450037 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.702454090 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.703212023 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.703255892 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.703260899 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.704405069 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:00.709084034 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.714440107 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.714449883 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.714941025 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.716981888 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.716988087 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.718507051 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.718559027 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.718564987 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.722171068 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.722213030 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.722219944 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.725670099 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.726463079 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.726470947 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.729204893 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.729264975 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.729270935 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.729291916 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.729332924 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.733798027 CEST | 49751 | 443 | 192.168.2.4 | 172.217.12.142 |
May 4, 2024 20:23:00.733815908 CEST | 443 | 49751 | 172.217.12.142 | 192.168.2.4 |
May 4, 2024 20:23:00.737559080 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:00.739960909 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:23:00.897970915 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:00.898008108 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:00.898571014 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:23:00.898622990 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:23:00.898633957 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:23:00.898660898 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:23:01.056545019 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:01.056555033 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:01.056853056 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:01.069122076 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:23:01.162103891 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:23:06.014475107 CEST | 443 | 49732 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:23:06.014563084 CEST | 443 | 49732 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:23:06.014615059 CEST | 49732 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:23:07.019500971 CEST | 49732 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:23:07.019536018 CEST | 443 | 49732 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:23:31.197813034 CEST | 80 | 49742 | 208.95.112.1 | 192.168.2.4 |
May 4, 2024 20:23:31.197890997 CEST | 49742 | 80 | 192.168.2.4 | 208.95.112.1 |
May 4, 2024 20:23:45.846925974 CEST | 80 | 49742 | 208.95.112.1 | 192.168.2.4 |
May 4, 2024 20:23:57.908024073 CEST | 49766 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:23:57.908058882 CEST | 443 | 49766 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:23:57.908159018 CEST | 49766 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:23:57.908684015 CEST | 49766 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:23:57.908699036 CEST | 443 | 49766 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:23:58.217140913 CEST | 443 | 49766 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:23:58.217514038 CEST | 49766 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:23:58.217525005 CEST | 443 | 49766 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:23:58.217803955 CEST | 443 | 49766 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:23:58.218225956 CEST | 49766 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:23:58.218286037 CEST | 443 | 49766 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:23:58.266120911 CEST | 49766 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:24:04.001159906 CEST | 49723 | 80 | 192.168.2.4 | 23.206.229.80 |
May 4, 2024 20:24:04.151864052 CEST | 80 | 49723 | 23.206.229.80 | 192.168.2.4 |
May 4, 2024 20:24:04.151943922 CEST | 49723 | 80 | 192.168.2.4 | 23.206.229.80 |
May 4, 2024 20:24:08.210963964 CEST | 443 | 49766 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:24:08.211026907 CEST | 443 | 49766 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:24:08.211096048 CEST | 49766 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:24:09.019824028 CEST | 49766 | 443 | 192.168.2.4 | 142.250.68.4 |
May 4, 2024 20:24:09.019850016 CEST | 443 | 49766 | 142.250.68.4 | 192.168.2.4 |
May 4, 2024 20:24:37.713179111 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:24:37.872126102 CEST | 587 | 49747 | 108.170.55.203 | 192.168.2.4 |
May 4, 2024 20:24:37.877273083 CEST | 49747 | 587 | 192.168.2.4 | 108.170.55.203 |
May 4, 2024 20:24:46.070050001 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:46.070091963 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:46.070180893 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:46.070386887 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:46.070400953 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:46.381524086 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:46.431583881 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:47.794013977 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:47.794042110 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:47.794481993 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:47.794559002 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:47.795095921 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:47.795151949 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:47.840598106 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:47.840687037 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:47.840743065 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:47.884116888 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:47.888395071 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:47.888407946 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:47.942487001 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.105711937 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.105729103 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.105859041 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.105874062 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.116214037 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.116336107 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.116343975 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.126914978 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.126990080 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.126996040 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.136313915 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.136388063 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.136393070 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.148063898 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.148134947 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.148142099 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.158590078 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.158663988 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.158669949 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.168085098 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.168155909 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.168160915 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.224298000 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.255176067 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.255271912 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.260430098 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.260510921 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.271178007 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.271255016 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.281642914 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.281719923 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.292223930 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.292301893 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.302736998 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.302768946 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.302791119 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.302802086 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.302858114 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.314265013 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.314376116 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.314424992 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.314433098 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.323936939 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.324002028 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.324007988 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.334505081 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.334573984 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.334594011 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.350625992 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.350743055 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.350749016 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.359746933 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.359775066 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.359806061 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.359812021 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.359867096 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.369266033 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.377294064 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.377325058 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.377340078 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.377345085 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.377392054 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.387871027 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.387928009 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.387976885 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.387980938 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.388045073 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
May 4, 2024 20:24:48.388102055 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.391180992 CEST | 49768 | 443 | 192.168.2.4 | 142.250.72.142 |
May 4, 2024 20:24:48.391191959 CEST | 443 | 49768 | 142.250.72.142 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 4, 2024 20:22:54.155535936 CEST | 192.168.2.4 | 1.1.1.1 | 0x1041 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:54.156389952 CEST | 192.168.2.4 | 1.1.1.1 | 0x5659 | Standard query (0) | | 65 | IN (0x0001) | false |
May 4, 2024 20:22:56.636986017 CEST | 192.168.2.4 | 1.1.1.1 | 0x1b10 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:57.655992985 CEST | 192.168.2.4 | 1.1.1.1 | 0x94c1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:59.475886106 CEST | 192.168.2.4 | 1.1.1.1 | 0x9fab | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:59.476541042 CEST | 192.168.2.4 | 1.1.1.1 | 0x48c5 | Standard query (0) | | 65 | IN (0x0001) | false |
May 4, 2024 20:24:45.914889097 CEST | 192.168.2.4 | 1.1.1.1 | 0xba25 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:24:45.915035963 CEST | 192.168.2.4 | 1.1.1.1 | 0x55bf | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 4, 2024 20:22:54.305712938 CEST | 1.1.1.1 | 192.168.2.4 | 0x1041 | No error (0) | | | 142.250.68.4 | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:54.307137966 CEST | 1.1.1.1 | 192.168.2.4 | 0x5659 | No error (0) | | | | 65 | IN (0x0001) | false |
May 4, 2024 20:22:56.787584066 CEST | 1.1.1.1 | 192.168.2.4 | 0x1b10 | No error (0) | | | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:57.809516907 CEST | 1.1.1.1 | 192.168.2.4 | 0x94c1 | No error (0) | | | 108.170.55.203 | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:57.809516907 CEST | 1.1.1.1 | 192.168.2.4 | 0x94c1 | No error (0) | | | 108.170.55.202 | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:57.894328117 CEST | 1.1.1.1 | 192.168.2.4 | 0x7132 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:57.894328117 CEST | 1.1.1.1 | 192.168.2.4 | 0x7132 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:59.626148939 CEST | 1.1.1.1 | 192.168.2.4 | 0x9fab | No error (0) | | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
May 4, 2024 20:22:59.626148939 CEST | 1.1.1.1 | 192.168.2.4 | 0x9fab | No error (0) | | | 172.217.12.142 | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:22:59.627172947 CEST | 1.1.1.1 | 192.168.2.4 | 0x48c5 | No error (0) | | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
May 4, 2024 20:22:59.677489996 CEST | 1.1.1.1 | 192.168.2.4 | 0x5157 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 4, 2024 20:22:59.677489996 CEST | 1.1.1.1 | 192.168.2.4 | 0x5157 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:24:46.069374084 CEST | 1.1.1.1 | 192.168.2.4 | 0xba25 | No error (0) | | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
May 4, 2024 20:24:46.069374084 CEST | 1.1.1.1 | 192.168.2.4 | 0xba25 | No error (0) | | | 142.250.72.142 | A (IP address) | IN (0x0001) | false |
May 4, 2024 20:24:46.069420099 CEST | 1.1.1.1 | 192.168.2.4 | 0x55bf | No error (0) | | www3.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49742 | 208.95.112.1 | 80 | 7288 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 4, 2024 20:22:56.951899052 CEST | 80 | OUT | |
May 4, 2024 20:22:57.102150917 CEST | 174 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49733 | 142.250.68.4 | 443 | 7572 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 18:22:56 UTC | 607 | OUT | |
2024-05-04 18:22:56 UTC | 1191 | IN | |
2024-05-04 18:22:56 UTC | 64 | IN | |
2024-05-04 18:22:56 UTC | 1255 | IN | |
2024-05-04 18:22:56 UTC | 480 | IN | |
2024-05-04 18:22:56 UTC | 1255 | IN | |
2024-05-04 18:22:56 UTC | 1217 | IN | |
2024-05-04 18:22:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 142.250.68.4 | 443 | 7572 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 18:22:56 UTC | 353 | OUT | |
2024-05-04 18:22:56 UTC | 967 | IN | |
2024-05-04 18:22:56 UTC | 25 | IN | |
2024-05-04 18:22:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49731 | 142.250.68.4 | 443 | 7572 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 18:22:56 UTC | 510 | OUT | |
2024-05-04 18:22:56 UTC | 967 | IN | |
2024-05-04 18:22:56 UTC | 288 | IN | |
2024-05-04 18:22:56 UTC | 1255 | IN | |
2024-05-04 18:22:56 UTC | 1255 | IN | |
2024-05-04 18:22:56 UTC | 1255 | IN | |
2024-05-04 18:22:56 UTC | 126 | IN | |
2024-05-04 18:22:56 UTC | 748 | IN | |
2024-05-04 18:22:56 UTC | 1255 | IN | |
2024-05-04 18:22:56 UTC | 1255 | IN | |
2024-05-04 18:22:56 UTC | 1255 | IN | |
2024-05-04 18:22:56 UTC | 1255 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49734 | 142.250.68.4 | 443 | 7572 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 18:22:56 UTC | 353 | OUT | |
2024-05-04 18:22:56 UTC | 922 | IN | |
2024-05-04 18:22:56 UTC | 35 | IN | |
2024-05-04 18:22:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49751 | 172.217.12.142 | 443 | 7572 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 18:22:59 UTC | 741 | OUT | |
2024-05-04 18:23:00 UTC | 916 | IN | |
2024-05-04 18:23:00 UTC | 339 | IN | |
2024-05-04 18:23:00 UTC | 1255 | IN | |
2024-05-04 18:23:00 UTC | 1255 | IN | |
2024-05-04 18:23:00 UTC | 1255 | IN | |
2024-05-04 18:23:00 UTC | 1255 | IN | |
2024-05-04 18:23:00 UTC | 1255 | IN | |
2024-05-04 18:23:00 UTC | 1255 | IN | |
2024-05-04 18:23:00 UTC | 1255 | IN | |
2024-05-04 18:23:00 UTC | 1255 | IN | |
2024-05-04 18:23:00 UTC | 1255 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49768 | 142.250.72.142 | 443 | 7572 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-04 18:24:47 UTC | 872 | OUT | |
2024-05-04 18:24:48 UTC | 2491 | IN |