Windows
Analysis Report
http://https:/atpscan.global.hornetsecurity.com?d=HxUeIGqTQEqvwrU8p1N89GE3yJlZecpNcGjfW6U6YzYSjU_9OiLEcgg647uzUCOz&f=lCjmWZaU_lXGo-uD-VMCm8CTm9juwffvjLZZjV_sHlLrHh6gMvhc-HPIU6ctVgjB&i=&k=raoI&m=z096FzzmeY0TwKP_lLoSRO1ALDlxuPs0wb9J7P-04Nvq72vehgtQvm2ae-s4N7jdwX3cbgaNR5sm_YmOWvXX07-DrCU2CsVsnW7CNYmEvm
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64_ra
- chrome.exe (PID: 6356 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 5644 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1652,i,6090835143889241649,409201857259258202,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://https:/atpscan.global.hornetsecurity.com?d=HxUeIGqTQEqvwrU8p1N89GE3yJlZecpNcGjfW6U6YzYSjU_9OiLEcgg647uzUCOz&f=lCjmWZaU_lXGo-uD-VMCm8CTm9juwffvjLZZjV_sHlLrHh6gMvhc-HPIU6ctVgjB&i=&k=raoI&m=z096FzzmeY0TwKP_lLoSRO1ALDlxuPs0wb9J7P-04Nvq72vehgtQvm2ae-s4N7jdwX3cbgaNR5sm_YmOWvXX07-DrCU2CsVsnW7CNYmEvm62kp40rQziaMtWdO48yE3P&n=jt2iaFkee2RMzcRS0s_k1DZgKPZQqDTpNjkXDH5q7BYKpdiMVXwkcO9G-HiUGe3P3iUbTzVkOYExqUMdU7dDZw&r=HIcFJpaQDmgaBEPEgO7ak_3notrkSvxgxxz_ZDLXwjn8CR1bH1fIEvoEJrzn6ghR&s=27253a14b4e308d98803735f7d14c90706c09a034aa7045c1e169d37118534cd&u=https*3A*2F*2Fpitstop.powellind.com*2Fxfer*2Fbhub.cgi*3Fact*3Ddirect_download_file*26package_id*3Dpowelldocmanager*2540powellind*252Ecom*255FO8FN5TMSR40O4R6VOBEQREUV86*26file_name*3D25394301TR8*252Ezip*26username*3Ddlarue*2540schmidt*252Delectric*252Ecom*26direct_token*3D0171FB06502FE3115A63166894845D25__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!PsRMz_liT-2f!lyFBpyvRN69uTi9lGXPBKy-XSt-kz0C0JEORrqM8dMdi_IxvE9r1JFw4LyvspGoo--E3uM-bmu0c27NT9-DG$" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
- HTTPS traffic detected
- TCP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- Network traffic detected
- Classification label
- File created
- Process created
- LNK file
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.250.184.206 | true | false | | unknown |
www.google.com | 142.250.185.132 | true | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.16 |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1522630 |
Start date and time: | 2024-09-30 13:54:23 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | http://https:/atpscan.global.hornetsecurity.com?d=HxUeIGqTQEqvwrU8p1N89GE3yJlZecpNcGjfW6U6YzYSjU_9OiLEcgg647uzUCOz&f=lCjmWZaU_lXGo-uD-VMCm8CTm9juwffvjLZZjV_sHlLrHh6gMvhc-HPIU6ctVgjB&i=&k=raoI&m=z096FzzmeY0TwKP_lLoSRO1ALDlxuPs0wb9J7P-04Nvq72vehgtQvm2ae-s4N7jdwX3cbgaNR5sm_YmOWvXX07-DrCU2CsVsnW7CNYmEvm62kp40rQziaMtWdO48yE3P&n=jt2iaFkee2RMzcRS0s_k1DZgKPZQqDTpNjkXDH5q7BYKpdiMVXwkcO9G-HiUGe3P3iUbTzVkOYExqUMdU7dDZw&r=HIcFJpaQDmgaBEPEgO7ak_3notrkSvxgxxz_ZDLXwjn8CR1bH1fIEvoEJrzn6ghR&s=27253a14b4e308d98803735f7d14c90706c09a034aa7045c1e169d37118534cd&u=https*3A*2F*2Fpitstop.powellind.com*2Fxfer*2Fbhub.cgi*3Fact*3Ddirect_download_file*26package_id*3Dpowelldocmanager*2540powellind*252Ecom*255FO8FN5TMSR40O4R6VOBEQREUV86*26file_name*3D25394301TR8*252Ezip*26username*3Ddlarue*2540schmidt*252Delectric*252Ecom*26direct_token*3D0171FB06502FE3115A63166894845D25__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!PsRMz_liT-2f!lyFBpyvRN69uTi9lGXPBKy-XSt-kz0C0JEORrqM8dMdi_IxvE9r1JFw4LyvspGoo--E3uM-bmu0c27NT9-DG$ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 13 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@22/6@4/3 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.184.238, 173.194.76.84, 142.250.186.67, 34.104.35.123, 199.232.214.172, 172.217.16.195, 142.250.185.174
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.986195909556042 |
Encrypted: | false |
SSDEEP: | 48:83ddTFViHOidAKZdA1FehwiZUklqeh2y+3:8/rPZy |
MD5: | 13F21623A1B4B30E744B3E1935754F64 |
SHA1: | 238FBCB4952774FDABB278F382FA84A07119C1F3 |
SHA-256: | 0F33D4624CB7D5BAFAC20CD36A8EDE90147AF92ED94AE730985E88D5E30D7605 |
SHA-512: | BF2E30D60EC611CC6E91904BFFCBCCEE356AAC64D0E16DDA40D282D417C07D49C0483236434BBC19BEF0B1184C6562BDBEE85C4E720BCD6A752C2879834BA412 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.004492472593786 |
Encrypted: | false |
SSDEEP: | 48:80ddTFViHOidAKZdA1seh/iZUkAQkqehJy+2:8Or59Q0y |
MD5: | FE938F3DEA6DBAC82156B06BEB49EEF8 |
SHA1: | 3C18DD279279106BB0058520D89E8838417D34B8 |
SHA-256: | 5348DB7C7188C8B203C52FCD61463722ABAFC7BD33B8EC70691ADA857D08A72E |
SHA-512: | 36FA3E956163BD177D2DDCF244608F8DAEFFF6EC5F4C35E6A5A35D8EE1A53145243A22D3725954C50E7B52B9CFCF16C24C271EDD6E2A88984493B63402554F38 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.008701017092537 |
Encrypted: | false |
SSDEEP: | 48:86ddTFVAHOidAKZdA14meh7sFiZUkmgqeh7sny+BX:8UrXnVy |
MD5: | 12072033F34CDF3F2AF18DB198DA83A0 |
SHA1: | B2933256979926108487876B74346E2ED4290C39 |
SHA-256: | 516910A9E6B254646F3C24572D36ACEA249C35EC80F2D9E3C42EBC7E55A8B37A |
SHA-512: | D54B8C4CFFA035D528B2547B1C03A145136B231BEBBD459230A86891EE3A72D690480C9AFC59BF0371B9084654162B502E53EA49BB70DE083F5C61E670C2E6A1 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.002972048566335 |
Encrypted: | false |
SSDEEP: | 48:8rddTFViHOidAKZdA1TehDiZUkwqeh9y+R:8Trqvy |
MD5: | C71536A5FE8B02EE877770E698E799C6 |
SHA1: | DC598199EF70F145C8BFC064F963FB478F7B6A7D |
SHA-256: | DE17A446207A7F66AB09FF7F387A82C23A624FC2BAEC1083B5FDBB1BF3413102 |
SHA-512: | 3ACB4EEB50B5694694C4150CEF5A38A710DF787DFB8F7D60B871C36EE64A55D144C677630CFEA92826FE54E1982AEFEB29871370BC634110B84F649026DFC893 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.989423123891425 |
Encrypted: | false |
SSDEEP: | 48:8WddTFViHOidAKZdA1dehBiZUk1W1qehjy+C:8Qrq9Dy |
MD5: | B8B75E066E1135FA693BABEEC2001ADE |
SHA1: | 0180BE839C7C4A827F2FF2F5D916ED0B092E3B13 |
SHA-256: | 56A013187F5B99082D6760AEAB36E64BE55D0A78D870ABC0B73E003E349E0E8D |
SHA-512: | 4A7282B3B6E10427A16653B7754C285AD87BA89C1A52E2E3FA9EE42CDDC8D744900F60D5487F1F2006ECE6319058143221C22A023CBABB4473A66434D042C1B9 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9981311077393773 |
Encrypted: | false |
SSDEEP: | 48:8VddTFViHOidAKZdA1duTeehOuTbbiZUk5OjqehOuTbVy+yT+:81rgTfTbxWOvTbVy7T |
MD5: | D0D4EE50E3F6D73D7561A452BB55B3AF |
SHA1: | A450BC22ED3D4FF67A6B2C4D93978A5B1B2E1229 |
SHA-256: | 4FEA214FFCC52DC4B36BDE32ED5E80D5A1D0F6BD62FEAA780069FD9F5BA80481 |
SHA-512: | 8C2205ED1819D8DE8FAFBC4BED553051FEE385660BC6EB52443D6CA5FECF234C111BE3616CDCF63497F7715A43874E77555D20F01C73BBAC69C9C456EBC6D4A5 |
Malicious: | false |
Reputation: | low |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 30, 2024 13:54:52.735919952 CEST | 192.168.2.16 | 8.8.8.8 | 0x8bde | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 30, 2024 13:54:52.736335039 CEST | 192.168.2.16 | 1.1.1.1 | 0xeb4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 30, 2024 13:54:54.336888075 CEST | 192.168.2.16 | 1.1.1.1 | 0x94e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 30, 2024 13:54:54.337099075 CEST | 192.168.2.16 | 1.1.1.1 | 0x3fe4 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 30, 2024 13:54:52.742906094 CEST | 8.8.8.8 | 192.168.2.16 | 0x8bde | No error (0) | | | 142.250.184.206 | A (IP address) | IN (0x0001) | false |
Sep 30, 2024 13:54:52.743251085 CEST | 1.1.1.1 | 192.168.2.16 | 0xeb4 | No error (0) | | | 216.58.206.46 | A (IP address) | IN (0x0001) | false |
Sep 30, 2024 13:54:54.344379902 CEST | 1.1.1.1 | 192.168.2.16 | 0x94e | No error (0) | | | 142.250.185.132 | A (IP address) | IN (0x0001) | false |
Sep 30, 2024 13:54:54.345532894 CEST | 1.1.1.1 | 192.168.2.16 | 0x3fe4 | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.16 | 49708 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-30 11:55:02 UTC | 161 | OUT | |
2024-09-30 11:55:02 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.16 | 49707 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-30 11:55:02 UTC | 306 | OUT | |
2024-09-30 11:55:02 UTC | 560 | IN | |
2024-09-30 11:55:02 UTC | 15824 | IN | |
2024-09-30 11:55:02 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.16 | 49709 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-30 11:55:03 UTC | 239 | OUT | |
2024-09-30 11:55:03 UTC | 514 | IN | |
2024-09-30 11:55:03 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.16 | 49710 | 13.85.23.86 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-30 11:55:40 UTC | 306 | OUT | |
2024-09-30 11:55:40 UTC | 560 | IN | |
2024-09-30 11:55:40 UTC | 15824 | IN | |
2024-09-30 11:55:40 UTC | 14181 | IN |
Target ID: | 0 |
Start time: | 07:54:48 |
Start date: | 30/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 07:54:48 |
Start date: | 30/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 07:54:49 |
Start date: | 30/09/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7f9810000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |