Windows
Analysis Report
https://prod-cdn.wetransfer.net/assets/faktpro/FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 5700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 6780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1952,i,6167606985357172127,1528918014591462664,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6420 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://prod-cdn.wetransfer.net/assets/faktpro/FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
- HTTPS traffic detected
- TCP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- Network traffic detected
- Classification label
- File created
- Process created
- LNK file
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 216.58.206.68 | true | false | unknown | |
prod-cdn.wetransfer.net | 13.32.27.114 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
13.32.27.114 | prod-cdn.wetransfer.net | United States | 7018 | ATT-INTERNET4US | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
216.58.206.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1520801 |
Start date and time: | 2024-09-27 23:07:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://prod-cdn.wetransfer.net/assets/faktpro/FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@18/11@4/4 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 74.125.71.84, 142.250.185.206, 142.250.185.195, 34.104.35.123, 199.232.214.172, 216.58.206.35, 216.58.206.46
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: https://prod-cdn.wetransfer.net/assets/faktpro/FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.991181246544241 |
Encrypted: | false |
SSDEEP: | 48:8idecT+ApUHMidAKZdA1FehwiZUklqehqy+3:87ci2/py |
MD5: | 04762F0EAD62FA4A1FDF11462053908F |
SHA1: | 0EAFCA2A794A4892CF80B7BFA870DA5F6F7EBF6D |
SHA-256: | 1F462F9F1872E48DA2850ACAEB93A17346DD2090D21B407885CB32AE2594539A |
SHA-512: | 2F40F36A377E59FF44AD076A3263E00616A2669B1C9335B7F19F4FA848821C3FAD9114423AC58A20EA61DF14F67CC4CF059C1C2E1B768B78E445F99DA2101BDB |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.006611246228212 |
Encrypted: | false |
SSDEEP: | 48:8MdecT+ApUHMidAKZdA1seh/iZUkAQkqehZy+2:8Nci2J9QQy |
MD5: | 0FC26C5D65B5F388D63B6D77DC77196C |
SHA1: | C9A78DDB047F1F50481A2FA5AF9A134886FBA13B |
SHA-256: | 6118D86FB07F1B895FB67225048FC344FE2FDEEBD2FD2D6A6E6E7FAE2041F6B6 |
SHA-512: | 613E3CAEC550ADA735E8F4CD4D1A01BD8784BB5C31C5C82271B620AEF51B72C2F53A9F4B72ED88C40E49E08639552ADCB02A2D6FC6D13C4625B25C73502FCB03 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.0133809342020825 |
Encrypted: | false |
SSDEEP: | 48:8OdecT+ApAHMidAKZdA14meh7sFiZUkmgqeh7sny+BX:8nci2Bn1y |
MD5: | 2A6BC8D551E73F2CE6988FB98D6DA3F6 |
SHA1: | BD2049565489F4253F906728D93C97919E7F7E6E |
SHA-256: | 4590158FD3589B880B8B504008AF4FF72C3328F9E31113276920E194484F2317 |
SHA-512: | F697455E4434B5267F90228BC331C91AB9F596C094A1B503135012C7F139FD0B9BA6C43C08C7D917EC359AC497EA4439E4E558F92DCE03D78CF875930526F0B9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.004489488836643 |
Encrypted: | false |
SSDEEP: | 48:8+decT+ApUHMidAKZdA1TehDiZUkwqehNy+R:83ci2a/y |
MD5: | 13188E9E2B1014A534C3585A69FF0948 |
SHA1: | AC0E52DD8077C7CCAF769D08934D30861092B894 |
SHA-256: | 0AEDF79AAD007879D5C93401A2340051AFBF729F7310AC92E5BFD4EDBC002D9E |
SHA-512: | 5679AEE34A6C70A98163C50B086430937DDF50C4C0DFF0DB01E29CFA36B1A8BE7218363E05E4E976F9FDAB28F4DD07E57EA1A15E053B0BA5399AA2921B9438C8 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9918021653893963 |
Encrypted: | false |
SSDEEP: | 48:8NdecT+ApUHMidAKZdA1dehBiZUk1W1qehDy+C:8eci269jy |
MD5: | C2E7D9590A8D334E78F1F48D5EC1BF15 |
SHA1: | DDAD598448AB00314B669B9E5928FEFA72A37AAA |
SHA-256: | B56BBC93011D96AA15BC3B263D5ED44B72A77779A52AA5041241D67B0A6AAE5D |
SHA-512: | EB47F26981F337F071C8FE95A214E4796F5CD32661F0FD9A423D59CD6F5136BC4AD72C2D7263B30E9F9C154E31408D2D8F67F19551A574AA9752BA766F5CDF76 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9997681210165563 |
Encrypted: | false |
SSDEEP: | 48:8IdecT+ApUHMidAKZdA1duTeehOuTbbiZUk5OjqehOuTb1y+yT+:8pci2QTfTbxWOvTb1y7T |
MD5: | 8C4FD274FBB0178BC58CD4653E8A1C65 |
SHA1: | 68EA5621C2D03D1EE0D69C2B7CE17F792DFFC3D7 |
SHA-256: | B43D7C5EBC01256E9A969BAC30776F884FB1A488A33B8910D471165971F116FE |
SHA-512: | 89E334E6A491668E9DA2EB73A07E292371469C540A547BF27BD86E38F4834DAEBA80D0105072469CA5485E06130714FC0A698C38F290DD50259F5728DE621E79 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15870 |
Entropy (8bit): | 7.9628286627444975 |
Encrypted: | false |
SSDEEP: | 384:mTNvlSNN5nCRtM92ZYfXjBwfJCYAvPDwPyK+934+RdnoMm0zP:mTNvlSFCR87l6HAMN+Bjno0zP |
MD5: | 2735BCE45EB62509D386CD6CF443F2D0 |
SHA1: | 42EB8B52E38A0D0EB862EA0C069C58FC5A54E89D |
SHA-256: | 60E141E0266946EA7473BDCA00F7D8FA5C50896EF339E22F92E85A4C87921202 |
SHA-512: | 4EDDD7E3C12E4CB64082018BF2394024A8B09C51406C6AD16DC5C9CD3441B3EEE5EA77F03B031160C57317D65D01A5D96141553BDC1BD18E1D4928B8D4F7FC27 |
Malicious: | false |
Reputation: | low |
C:\Users\user\Downloads\FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff (copy)
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 77227 |
Entropy (8bit): | 7.993961181292719 |
Encrypted: | true |
SSDEEP: | 1536:jcR8xqB0hzjN2bYPSramHzj4c4Skn3ToKy7vKxoeClb7IgkDXOsY/:jceIB0B55qrLH/4RDNy7vEClbMqX/ |
MD5: | 21AD0E7E0794C2B771203C61D35D9B38 |
SHA1: | 7AA662B6869DA9551E04EEB1A2E5307EE97BC492 |
SHA-256: | 8468A6CA1E0907B839EBC6E8899B4DD39B386B7CFA33743DA1FFB30A68C924F6 |
SHA-512: | 52240175A7ACE49E84B235D23C5B431DA1C0A17BE7158449F56EB81F7DC36FC2980C60061180E6D4580805D3D46A69CF4348D0AE0CC937EEDA6F3263466FCBF2 |
Malicious: | false |
Reputation: | low |
C:\Users\user\Downloads\FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff.crdownload
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 77227 |
Entropy (8bit): | 7.993961181292719 |
Encrypted: | true |
SSDEEP: | 1536:jcR8xqB0hzjN2bYPSramHzj4c4Skn3ToKy7vKxoeClb7IgkDXOsY/:jceIB0B55qrLH/4RDNy7vEClbMqX/ |
MD5: | 21AD0E7E0794C2B771203C61D35D9B38 |
SHA1: | 7AA662B6869DA9551E04EEB1A2E5307EE97BC492 |
SHA-256: | 8468A6CA1E0907B839EBC6E8899B4DD39B386B7CFA33743DA1FFB30A68C924F6 |
SHA-512: | 52240175A7ACE49E84B235D23C5B431DA1C0A17BE7158449F56EB81F7DC36FC2980C60061180E6D4580805D3D46A69CF4348D0AE0CC937EEDA6F3263466FCBF2 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 77227 |
Entropy (8bit): | 7.993961181292719 |
Encrypted: | true |
SSDEEP: | 1536:jcR8xqB0hzjN2bYPSramHzj4c4Skn3ToKy7vKxoeClb7IgkDXOsY/:jceIB0B55qrLH/4RDNy7vEClbMqX/ |
MD5: | 21AD0E7E0794C2B771203C61D35D9B38 |
SHA1: | 7AA662B6869DA9551E04EEB1A2E5307EE97BC492 |
SHA-256: | 8468A6CA1E0907B839EBC6E8899B4DD39B386B7CFA33743DA1FFB30A68C924F6 |
SHA-512: | 52240175A7ACE49E84B235D23C5B431DA1C0A17BE7158449F56EB81F7DC36FC2980C60061180E6D4580805D3D46A69CF4348D0AE0CC937EEDA6F3263466FCBF2 |
Malicious: | false |
Reputation: | low |
URL: | https://prod-cdn.wetransfer.net/assets/faktpro/FaktProWeb-Normal-8468a6ca1e0907b839ebc6e8899b4dd39b386b7cfa33743da1ffb30a68c924f6.woff |
Sep 27, 2024 23:08:08.219475031 CEST | 443 | 49701 | 13.32.27.114 | 192.168.2.16 |
Sep 27, 2024 23:08:08.933836937 CEST | 49680 | 80 | 192.168.2.16 | 192.229.211.108 |
Sep 27, 2024 23:08:26.332037926 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:26.332140923 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:26.332263947 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:26.332601070 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:26.332639933 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.006522894 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.006721020 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.008009911 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.008038998 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.008312941 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.010345936 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.055396080 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.271569014 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.271596909 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.271611929 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.271728992 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.271764994 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.271826029 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.271913052 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.272883892 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.272919893 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.272978067 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.272991896 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.273037910 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.273171902 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.273262024 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.275074005 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.275106907 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:27.275132895 CEST | 49712 | 443 | 192.168.2.16 | 52.165.165.26 |
Sep 27, 2024 23:08:27.275147915 CEST | 443 | 49712 | 52.165.165.26 | 192.168.2.16 |
Sep 27, 2024 23:08:40.809989929 CEST | 49714 | 443 | 192.168.2.16 | 216.58.206.68 |
Sep 27, 2024 23:08:40.810086966 CEST | 443 | 49714 | 216.58.206.68 | 192.168.2.16 |
Sep 27, 2024 23:08:40.810195923 CEST | 49714 | 443 | 192.168.2.16 | 216.58.206.68 |
Sep 27, 2024 23:08:40.810539007 CEST | 49714 | 443 | 192.168.2.16 | 216.58.206.68 |
Sep 27, 2024 23:08:40.810585022 CEST | 443 | 49714 | 216.58.206.68 | 192.168.2.16 |
Sep 27, 2024 23:08:41.449476957 CEST | 443 | 49714 | 216.58.206.68 | 192.168.2.16 |
Sep 27, 2024 23:08:41.449827909 CEST | 49714 | 443 | 192.168.2.16 | 216.58.206.68 |
Sep 27, 2024 23:08:41.449862957 CEST | 443 | 49714 | 216.58.206.68 | 192.168.2.16 |
Sep 27, 2024 23:08:41.450330019 CEST | 443 | 49714 | 216.58.206.68 | 192.168.2.16 |
Sep 27, 2024 23:08:41.450699091 CEST | 49714 | 443 | 192.168.2.16 | 216.58.206.68 |
Sep 27, 2024 23:08:41.450786114 CEST | 443 | 49714 | 216.58.206.68 | 192.168.2.16 |
Sep 27, 2024 23:08:41.493940115 CEST | 49714 | 443 | 192.168.2.16 | 216.58.206.68 |
Sep 27, 2024 23:08:51.368380070 CEST | 443 | 49714 | 216.58.206.68 | 192.168.2.16 |
Sep 27, 2024 23:08:51.368513107 CEST | 443 | 49714 | 216.58.206.68 | 192.168.2.16 |
Sep 27, 2024 23:08:51.368613958 CEST | 49714 | 443 | 192.168.2.16 | 216.58.206.68 |
Sep 27, 2024 23:08:52.209429979 CEST | 49714 | 443 | 192.168.2.16 | 216.58.206.68 |
Sep 27, 2024 23:08:52.209501982 CEST | 443 | 49714 | 216.58.206.68 | 192.168.2.16 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2024 23:07:36.117942095 CEST | 53 | 57449 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:07:36.118006945 CEST | 53 | 52437 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:07:36.833997011 CEST | 51080 | 53 | 192.168.2.16 | 1.1.1.1 |
Sep 27, 2024 23:07:36.834137917 CEST | 61489 | 53 | 192.168.2.16 | 1.1.1.1 |
Sep 27, 2024 23:07:36.844410896 CEST | 53 | 51080 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:07:36.844647884 CEST | 53 | 61489 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:07:37.107485056 CEST | 53 | 49559 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:07:40.746491909 CEST | 55145 | 53 | 192.168.2.16 | 1.1.1.1 |
Sep 27, 2024 23:07:40.746653080 CEST | 60611 | 53 | 192.168.2.16 | 1.1.1.1 |
Sep 27, 2024 23:07:40.753441095 CEST | 53 | 55145 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:07:40.753894091 CEST | 53 | 60611 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:07:54.173324108 CEST | 53 | 62258 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:08:13.271157026 CEST | 53 | 61104 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:08:35.922136068 CEST | 53 | 63744 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:08:36.079493046 CEST | 53 | 60927 | 1.1.1.1 | 192.168.2.16 |
Sep 27, 2024 23:08:41.683115005 CEST | 138 | 138 | 192.168.2.16 | 192.168.2.255 |
Sep 27, 2024 23:09:04.971452951 CEST | 53 | 57084 | 1.1.1.1 | 192.168.2.16 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 27, 2024 23:07:36.833997011 CEST | 192.168.2.16 | 1.1.1.1 | 0xb83 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 23:07:36.834137917 CEST | 192.168.2.16 | 1.1.1.1 | 0x53f0 | Standard query (0) | | 65 | IN (0x0001) | false |
Sep 27, 2024 23:07:40.746491909 CEST | 192.168.2.16 | 1.1.1.1 | 0x43d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 23:07:40.746653080 CEST | 192.168.2.16 | 1.1.1.1 | 0xeb90 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 27, 2024 23:07:36.844410896 CEST | 1.1.1.1 | 192.168.2.16 | 0xb83 | No error (0) | | | 13.32.27.114 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 23:07:36.844410896 CEST | 1.1.1.1 | 192.168.2.16 | 0xb83 | No error (0) | | | 13.32.27.84 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 23:07:36.844410896 CEST | 1.1.1.1 | 192.168.2.16 | 0xb83 | No error (0) | | | 13.32.27.4 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 23:07:36.844410896 CEST | 1.1.1.1 | 192.168.2.16 | 0xb83 | No error (0) | | | 13.32.27.16 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 23:07:40.753441095 CEST | 1.1.1.1 | 192.168.2.16 | 0x43d | No error (0) | | | 216.58.206.68 | A (IP address) | IN (0x0001) | false |
Sep 27, 2024 23:07:40.753894091 CEST | 1.1.1.1 | 192.168.2.16 | 0xeb90 | No error (0) | | | | 65 | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49700 | 13.32.27.114 | 443 | 6780 | C:\Program Files\Google\Chrome\Application\chrome.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 21:07:37 UTC | 768 | OUT | |
2024-09-27 21:07:37 UTC | 514 | IN | |
2024-09-27 21:07:37 UTC | 15870 | IN | |
2024-09-27 21:07:37 UTC | 16384 | IN | |
2024-09-27 21:07:37 UTC | 16384 | IN | |
2024-09-27 21:07:38 UTC | 16384 | IN | |
2024-09-27 21:07:38 UTC | 12205 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49709 | 184.28.90.27 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 21:07:44 UTC | 161 | OUT | |
2024-09-27 21:07:44 UTC | 467 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49710 | 184.28.90.27 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 21:07:45 UTC | 239 | OUT | |
2024-09-27 21:07:45 UTC | 515 | IN | |
2024-09-27 21:07:45 UTC | 55 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49711 | 52.165.165.26 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 21:07:49 UTC | 306 | OUT | |
2024-09-27 21:07:49 UTC | 560 | IN | |
2024-09-27 21:07:49 UTC | 15824 | IN | |
2024-09-27 21:07:49 UTC | 8666 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.16 | 49712 | 52.165.165.26 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-27 21:08:27 UTC | 306 | OUT | |
2024-09-27 21:08:27 UTC | 560 | IN | |
2024-09-27 21:08:27 UTC | 15824 | IN | |
2024-09-27 21:08:27 UTC | 14181 | IN | |
Target ID: | 0 |
Start time: | 17:07:34 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 1 |
Start time: | 17:07:35 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |

Target ID: | 2 |
Start time: | 17:07:36 |
Start date: | 27/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |