Windows
Analysis Report
https://ok9static.oktacdn.com/fs/bco/1/fs07dfl97seXBmJiE417
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - chrome.exe (PID: 3788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 2796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1996,i,150052660401543626,14398589916102317024,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6984 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ok9static.oktacdn.com/fs/bco/1/fs07dfl97seXBmJiE417" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
- HTTP Parser
- HTTPS traffic detected
- TCP traffic detected without corresponding DNS query
- UDP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- Network traffic detected
- Classification label
- File created
- Process created
- LNK file
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
d2im6frcz4axtj.cloudfront.net | 13.225.78.59 | true | false | unknown | |
www.google.com | 142.250.186.100 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown | |
ok9static.oktacdn.com | unknown | unknown | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false | unknown | ||
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
13.225.78.98 | unknown | United States | 16509 | AMAZON-02US | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
13.225.78.59 | d2im6frcz4axtj.cloudfront.net | United States | 16509 | AMAZON-02US | false |
142.250.186.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.7 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1447096 |
Start date and time: | 2024-05-24 11:26:56 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://ok9static.oktacdn.com/fs/bco/1/fs07dfl97seXBmJiE417 |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@16/11@6/6 |
EGA Information: | Failed |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.163, 172.217.16.142, 74.125.71.84, 34.104.35.123, 20.114.59.183, 93.184.221.240, 192.229.221.95, 52.165.164.15, 13.95.31.18, 142.250.185.131
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9794112388753735 |
Encrypted: | false |
SSDEEP: | 48:8ud0T48jHOidAKZdA19ehwiZUklqehay+3:8xfQZy |
MD5: | CE889B668903650FD07121B96DB62891 |
SHA1: | 2B9A073094B47DA66D9294B78E90DFBF228E2D33 |
SHA-256: | E4644B3E80CAD8796CFAB422823D7E2AFD938FFC1B0096D3E2F8783CE111463D |
SHA-512: | CA85ECDCF19EF8940C8513EAF2945E82FD6F0EA2854009EE4C73401BFE9ABF9A7801ED468D7C2A8D42A331D53425553F2AD091FC7764FBB2BE74D15E1D1C141C |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.991401220360949 |
Encrypted: | false |
SSDEEP: | 48:8dd0T48jHOidAKZdA1weh/iZUkAQkqehJy+2:8kfq9QYy |
MD5: | 3971C884F935D53D7C8BD444A55E4BE4 |
SHA1: | FCA6F51EA65003A1412A1AA3DB91E24E5CF3F4F6 |
SHA-256: | 60C54FB23D643FA9A4291312EC432C55E0705D4EC4DB0B39359773F18445BEC1 |
SHA-512: | B0F9009C1C80C1E096B0F66D7560411A90D53C0382B894662B3196746B82A351C2B800BE7474EFF0F6F9917F0186AB5D0A4B077973BF6C79EBD92CD970C1CCED |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.002959009748685 |
Encrypted: | false |
SSDEEP: | 48:8xdd0T48sHOidAKZdA14tseh7sFiZUkmgqeh7sfy+BX:8xkfjnFy |
MD5: | B3156744952A32C8DC34AB58DB54FE67 |
SHA1: | 14EB592B6DA47F832CBF630C3DAE037604BB005F |
SHA-256: | 9289C0A01F12E8B6A0B8151E7A17D78E1B75ADEBAAF7C8904C997D27498F6632 |
SHA-512: | A3E6BDB8639E074F31FF1C566558178E78F1F9DA8C5D030D4F04E234F374A4BB4EDE0EC5D4DB9A8FB222B7FBA3C2FD474A7708F7C422F7A80F666A35ADB2E720 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9910126721989228 |
Encrypted: | false |
SSDEEP: | 48:8Ud0T48jHOidAKZdA1vehDiZUkwqehty+R:8bfxHy |
MD5: | 7A84D693EF637C423B94426A0879B26A |
SHA1: | BDC2B857A61FE27243C48702141939D92C1CC308 |
SHA-256: | 5A409EAA75579D4117ECCB0841A91B586B0F9B1C31671C2A73FB495185D462B7 |
SHA-512: | 3C19E88C871B860BBFC2DFD4B2743AC37721A925343B9CD8A796DD32E592209D988199BEEAB291B985135628F2ABFA3090A1D00C111B7E3205DDF7FD990092D1 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9808410405772725 |
Encrypted: | false |
SSDEEP: | 48:8ld0T48jHOidAKZdA1hehBiZUk1W1qeh7y+C:8MfR9by |
MD5: | 594A562AD2339C936FEA8877CDD221DB |
SHA1: | 6B8A20ED57F58A36FF2C87F6EF71065CE596BC15 |
SHA-256: | 06F60AA7C271391A12A181746A8C7F96DD1C6F4843C8CF83918398037C499411 |
SHA-512: | 215C52A2F5B0253D8D46FB8543D295E60226E8932BD8D295A20A366D548162ECB035191BE45CBF9B320DB886F68EE4EB48D3833E1672FEEC0091517770721DD7 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.991122228886816 |
Encrypted: | false |
SSDEEP: | 48:8cd0T48jHOidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbFy+yT+:8jfNT/TbxWOvTbFy7T |
MD5: | 17FBCBEC285F418949AEBCE6375A0199 |
SHA1: | BFA893D04340F90BC0F68E2A1FDBEFCEF547D80A |
SHA-256: | 3BF17DEE79A24656D1B0DC61D1C655B874E4EF2A22A901D015BB7F964BC1C657 |
SHA-512: | 2322CFBBE6C94ED56BD6634D09AE0923ED1F39BC724D13624F1074863EBDD72806E1BB8F947C1D4B41E6E362CA4CBF9CA1C6484B3A56071703840B605F5CE2E3 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 5941 |
Entropy (8bit): | 7.880463140917738 |
Encrypted: | false |
SSDEEP: | 96:taRuLdAdOIorpNefF4yG/AZsyGIyGbmvXpoLwvTNUq6ByiPWLvAwIC5cwOdoGbH:88LdATExyG6sd0kDUB7KAwIycwYB |
MD5: | A717A8BD0DE6C0D92C79DE048E78862A |
SHA1: | 8A26A28F367DB3A77D334AFD397901EEE7095241 |
SHA-256: | CFF3521A4A08E79903537748E872A0A3ADAC826D6C17D600DA72F4F544B687C2 |
SHA-512: | F8D7232FA948FFB01A84743F67FC00FDEAA79021DBC836F621257DFBF716D9E9F2E9C02D66A9E14B3DC3396DE379083EA05FD31D02922E6207A40380C8D67848 |
Malicious: | false |
Reputation: | low |
URL: | https://ok9static.oktacdn.com/fs/bco/1/fs07dfl97seXBmJiE417 |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 5430 |
Entropy (8bit): | 2.7209270279774733 |
Encrypted: | false |
SSDEEP: | 24:E+As6X5OjYp4bEZVJkeZvwnDK4lBit6ubJdhlcolwptQutJt9LSWtF4alXlAXmBQ:Gs6XwjHbqkeKVlA9/zv3urGVu1gmykQ |
MD5: | 449C9DD651DB589388B721EB2496F5B0 |
SHA1: | 64F3B213A89A00F7B0940271576ECC72280236F7 |
SHA-256: | F9E86FB363A05F75AB3B525439D46BF4911D4CD4AE94C656C0198206374002AA |
SHA-512: | 410C701B5050A6D039EE82C6D1B1B596983622E35256A2628A108B20E03D8B0CC85D2033292D5E13ACE0199FFFBB34DBFE9DF82EA4161285082837056A06F2DC |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | downloaded |
Size (bytes): | 5430 |
Entropy (8bit): | 2.7209270279774733 |
Encrypted: | false |
SSDEEP: | 24:E+As6X5OjYp4bEZVJkeZvwnDK4lBit6ubJdhlcolwptQutJt9LSWtF4alXlAXmBQ:Gs6XwjHbqkeKVlA9/zv3urGVu1gmykQ |
MD5: | 449C9DD651DB589388B721EB2496F5B0 |
SHA1: | 64F3B213A89A00F7B0940271576ECC72280236F7 |
SHA-256: | F9E86FB363A05F75AB3B525439D46BF4911D4CD4AE94C656C0198206374002AA |
SHA-512: | 410C701B5050A6D039EE82C6D1B1B596983622E35256A2628A108B20E03D8B0CC85D2033292D5E13ACE0199FFFBB34DBFE9DF82EA4161285082837056A06F2DC |
Malicious: | false |
Reputation: | low |
URL: | https://ok9static.oktacdn.com/favicon.ico |

Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 24, 2024 11:27:48.192497015 CEST | 192.168.2.5 | 1.1.1.1 | c1fe | (Port unreachable) | Destination Unreachable |
May 24, 2024 11:28:43.917932034 CEST | 192.168.2.5 | 1.1.1.1 | c225 | (Port unreachable) | Destination Unreachable |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 24, 2024 11:27:45.599435091 CEST | 192.168.2.5 | 1.1.1.1 | 0x81e0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:45.599647045 CEST | 192.168.2.5 | 1.1.1.1 | 0x7ea0 | Standard query (0) | | 65 | IN (0x0001) | false |
May 24, 2024 11:27:47.415896893 CEST | 192.168.2.5 | 1.1.1.1 | 0x3320 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:47.416115046 CEST | 192.168.2.5 | 1.1.1.1 | 0xd3f7 | Standard query (0) | | 65 | IN (0x0001) | false |
May 24, 2024 11:27:48.132853031 CEST | 192.168.2.5 | 1.1.1.1 | 0xa21d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:48.133562088 CEST | 192.168.2.5 | 1.1.1.1 | 0x26c5 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 24, 2024 11:27:45.607992887 CEST | 1.1.1.1 | 192.168.2.5 | 0x81e0 | No error (0) | | d2im6frcz4axtj.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 11:27:45.607992887 CEST | 1.1.1.1 | 192.168.2.5 | 0x81e0 | No error (0) | | | 13.225.78.59 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:45.607992887 CEST | 1.1.1.1 | 192.168.2.5 | 0x81e0 | No error (0) | | | 13.225.78.88 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:45.607992887 CEST | 1.1.1.1 | 192.168.2.5 | 0x81e0 | No error (0) | | | 13.225.78.122 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:45.607992887 CEST | 1.1.1.1 | 192.168.2.5 | 0x81e0 | No error (0) | | | 13.225.78.98 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:45.618268013 CEST | 1.1.1.1 | 192.168.2.5 | 0x7ea0 | No error (0) | | d2im6frcz4axtj.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 11:27:47.441173077 CEST | 1.1.1.1 | 192.168.2.5 | 0x3320 | No error (0) | | d2im6frcz4axtj.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 11:27:47.441173077 CEST | 1.1.1.1 | 192.168.2.5 | 0x3320 | No error (0) | | | 13.225.78.98 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:47.441173077 CEST | 1.1.1.1 | 192.168.2.5 | 0x3320 | No error (0) | | | 13.225.78.122 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:47.441173077 CEST | 1.1.1.1 | 192.168.2.5 | 0x3320 | No error (0) | | | 13.225.78.88 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:47.441173077 CEST | 1.1.1.1 | 192.168.2.5 | 0x3320 | No error (0) | | | 13.225.78.59 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:47.449318886 CEST | 1.1.1.1 | 192.168.2.5 | 0xd3f7 | No error (0) | | d2im6frcz4axtj.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 11:27:48.172442913 CEST | 1.1.1.1 | 192.168.2.5 | 0xa21d | No error (0) | | | 142.250.186.100 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:27:48.192420959 CEST | 1.1.1.1 | 192.168.2.5 | 0x26c5 | No error (0) | | | | 65 | IN (0x0001) | false |
May 24, 2024 11:28:01.051872969 CEST | 1.1.1.1 | 192.168.2.5 | 0x391f | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 11:28:01.051872969 CEST | 1.1.1.1 | 192.168.2.5 | 0x391f | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:28:15.433309078 CEST | 1.1.1.1 | 192.168.2.5 | 0xf6e8 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 11:28:15.433309078 CEST | 1.1.1.1 | 192.168.2.5 | 0xf6e8 | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:28:36.629578114 CEST | 1.1.1.1 | 192.168.2.5 | 0xe8d5 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 11:28:36.629578114 CEST | 1.1.1.1 | 192.168.2.5 | 0xe8d5 | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:28:57.023274899 CEST | 1.1.1.1 | 192.168.2.5 | 0xff3a | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
May 24, 2024 11:28:57.023274899 CEST | 1.1.1.1 | 192.168.2.5 | 0xff3a | No error (0) | | | 192.229.221.95 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49709 | 13.225.78.59 | 443 | 2796 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 09:27:46 UTC | 693 | OUT | |
2024-05-24 09:27:46 UTC | 682 | IN | |
2024-05-24 09:27:46 UTC | 5941 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49710 | 13.225.78.59 | 443 | 2796 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 09:27:46 UTC | 627 | OUT | |
2024-05-24 09:27:47 UTC | 570 | IN | |
2024-05-24 09:27:47 UTC | 5430 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49713 | 13.225.78.98 | 443 | 2796 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 09:27:48 UTC | 356 | OUT | |
2024-05-24 09:27:48 UTC | 571 | IN | |
2024-05-24 09:27:48 UTC | 5430 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49715 | 2.19.244.127 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 09:27:49 UTC | 161 | OUT | |
2024-05-24 09:27:50 UTC | 467 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49716 | 2.19.244.127 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 09:27:50 UTC | 239 | OUT | |
2024-05-24 09:27:51 UTC | 535 | IN | |
2024-05-24 09:27:51 UTC | 55 | IN | |

Target ID: | 0 |
Start time: | 05:27:39 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 2 |
Start time: | 05:27:42 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 3 |
Start time: | 05:27:44 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |