Windows
Analysis Report
https://s.viisupport.com/n/827/ozihu7sqiznhw6tfpj2eazqdpnwxoz3xizbfiackizegikq5p7rwm4bnf5mriwl6fftx44sfmihx6olrmnyukq2raalucqdaceuq6j2ymfmu4v2okr4h6y36llbjyjln6kvjbstwivtau6rcynlcqbiosg5j53euulhom3bascmnrq2vi3g35m5ijie623vyomwhbjew4bwv44tbjnewdfz46ldgsafloqvdmtkyirluhakk4izxh6tzllqexofwmtqevihzllkux
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 5972 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 4564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 --field-trial-handle=2540,i,35982816253990086,15675130248423353273,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 4180 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.viisupport.com/n/827/ozihu7sqiznhw6tfpj2eazqdpnwxoz3xizbfiackizegikq5p7rwm4bnf5mriwl6fftx44sfmihx6olrmnyukq2raalucqdaceuq6j2ymfmu4v2okr4h6y36llbjyjln6kvjbstwivtau6rcynlcqbiosg5j53euulhom3bascmnrq2vi3g35m5ijie623vyomwhbjew4bwv44tbjnewdfz46ldgsafloqvdmtkyirluhakk4izxh6tzllqexofwmtqevihzllkux3k7rbbypnm4j2kukqhuubg3om6u5g6gvfkl4gcbs3fdjb7yu3c576dxbg3rkm3e3oav57gu5dlafhnhgr7aofe5mryxqbfeholwxghjdanxxwgkzskmxbcyhb5iuko43dmnq5izqs3pwrwvghq2ex7g6ssikyehcqfqbhovurpxihuxnsbqoetswfgajccnbhp3w63j5cesjoffibslo" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: |
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira URL Cloud | phishing | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira URL Cloud | phishing | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
s.viisupport.com | 185.98.54.153 | true | false | | unknown |
www.google.com | 142.250.31.104 | true | false | | high |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.31.104 | www.google.com | United States | | 15169 | GOOGLEUS | false |
185.98.54.153 | s.viisupport.com | Netherlands | | 39572 | ADVANCEDHOSTERS-ASNL | false |
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417481 |
Start date and time: | 2024-03-29 12:50:26 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://s.viisupport.com/n/827/ozihu7sqiznhw6tfpj2eazqdpnwxoz3xizbfiackizegikq5p7rwm4bnf5mriwl6fftx44sfmihx6olrmnyukq2raalucqdaceuq6j2ymfmu4v2okr4h6y36llbjyjln6kvjbstwivtau6rcynlcqbiosg5j53euulhom3bascmnrq2vi3g35m5ijie623vyomwhbjew4bwv44tbjnewdfz46ldgsafloqvdmtkyirluhakk4izxh6tzllqexofwmtqevihzllkux3k7rbbypnm4j2kukqhuubg3om6u5g6gvfkl4gcbs3fdjb7yu3c576dxbg3rkm3e3oav57gu5dlafhnhgr7aofe5mryxqbfeholwxghjdanxxwgkzskmxbcyhb5iuko43dmnq5izqs3pwrwvghq2ex7g6ssikyehcqfqbhovurpxihuxnsbqoetswfgajccnbhp3w63j5cesjoffibslo |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.win@16/8@4/4 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.16.101, 142.251.16.139, 142.251.16.100, 142.251.16.113, 142.251.16.138, 142.251.16.102, 172.253.63.94, 142.251.16.84, 34.104.35.123, 40.127.169.103, 72.21.81.240, 192.229.211.108, 23.207.202.17, 23.207.202.37, 23.207.202.38, 23.207.202.18, 23.207.202.19, 23.207.202.23, 23.207.202.31, 23.207.202.30, 23.207.202.41, 52.165.164.15, 52.165.165.26, 142.251.16.94
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, wu.azureedge.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9794661296007092 |
Encrypted: | false |
SSDEEP: | 48:8HdcTgwQH5idAKZdA19ehwiZUklqehty+3:8mfCay |
MD5: | 3FE7DD5036408F9F954B2A04A7D60BAF |
SHA1: | 515AA47784A9F7057824EC5C4A6AA8907DE72447 |
SHA-256: | 6ED54CAB9C8F2B5487A75D207FD33B5DB485CFB61C896F65052916CBCD81B0DD |
SHA-512: | B261A22286A098BBF768BDA91E4325B7893C9797B8A1E1CB9D2C4ADDC8DF79CF4BD3A7A32799EE753051CE38E6D27E703C2F7CA727B88F2475D887ADA575FA97 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.990190966221424 |
Encrypted: | false |
SSDEEP: | 48:8mdcTgwQH5idAKZdA1weh/iZUkAQkqehKy+2:8RfY9QLy |
MD5: | 16A10E39936551FE80D3459F9357BD0F |
SHA1: | 78CF7AF64A8E22706349F4DA57265E6B77CB1904 |
SHA-256: | 3920A1AFAEC01EDF358EB31878D25A2EFF9D3280CB96EC31386BC1F38E87BBF7 |
SHA-512: | 27F2C4D44EE9060AE522DE1A74E9401F1100901FD05854251B273194EF1A42394CC0A856C5FD1FEA1F6605917CB02EE6145ED03EFA6EA8566A6A54C5B68C3522 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.003707964354365 |
Encrypted: | false |
SSDEEP: | 48:8xRdcTgwsH5idAKZdA14tseh7sFiZUkmgqeh7sAy+BX:8xIfUnWy |
MD5: | FA957A42839249A60050FBC13254D738 |
SHA1: | 2430BD680897C6C7ED5C3DE8E33AAE1D2F873416 |
SHA-256: | 05836402BF89E59E70743C61C91A700E3A42A2C84B557E72209AEA60D9FA3E51 |
SHA-512: | E740CE8D1DD875083B6D591C7DD45843F046D010CF6F3FBDDAA26A6193E0B7C764FD3646139E2E265EAF7547EF958B4E8A9F6AA5F63873D3127BC0C5B5D22E49 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.989873490975256 |
Encrypted: | false |
SSDEEP: | 48:871dcTgwQH5idAKZdA1vehDiZUkwqehOy+R:87kfDYy |
MD5: | 0E5763DAE3C2B616CA284E76ACFB9279 |
SHA1: | 9403E16B81A7356A0C4D2EF093207622A4D8F5D0 |
SHA-256: | E22EE70A2E6FFD1509831162DA31DBD531507EF82A0A79DD43B09EF4CBC80E98 |
SHA-512: | 1843DA3507B144BA84431627C1508E6056075685649D06E54D7BD774C5186DCCFA9671ADEB673AA5ADF5907A36D1B7146D130079B68D9A15CE7470C8B2579DB3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.978739411323624 |
Encrypted: | false |
SSDEEP: | 48:8jdcTgwQH5idAKZdA1hehBiZUk1W1qeh8y+C:86fT9cy |
MD5: | E0EF61D965E45B33FC03A294990BDD20 |
SHA1: | D30DD6DE27A1FF6B92BA95A47BF4DDFA24E5E39E |
SHA-256: | BE696E37169677A37DBFEA984F221763EC7ACD3EC3F13DB1B37404642AB524F5 |
SHA-512: | 868CB8306EA6FAB4BD8149AB2823395E0DA4C2ABDA8BEFB8C470B3435D5FCB1C259CA898AC29E5F9D38A52ABDB4FBB8F9E239398ECC82E98AB2E7CB23346ECBE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9907702701426797 |
Encrypted: | false |
SSDEEP: | 48:8WdcTgwQH5idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbWy+yT+:8hfDT/TbxWOvTbWy7T |
MD5: | 428619C8264AAEC05CCE1868E7687783 |
SHA1: | 2C2A4CCA88EEAF065A5770316560FC05FE468921 |
SHA-256: | 09D09A952123F5710FD40FF426361DC4E0309934EE13C331E35C44FDA0F4EEF3 |
SHA-512: | 1EF8DB4EF672CACBE191A2D43E2B258E31B6AB51187B5EC0ECF61BB0F5FD382D49D8724A32E59A238B64DC975DAFDC9C22D0D463287D905FE6344F3EFD4AA259 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 74 |
Entropy (8bit): | 4.2966307302014535 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPlE+tnMusQtlz/qOqTp:6v/lhPfZMuseqFp |
MD5: | 9E24E19B024C44B778301D880BD8E6F4 |
SHA1: | D2B1B39CB4434D34C22C2CF52CBBE9967B1B688E |
SHA-256: | 01B58DDB2F86A768F91751B62F25395417F6CF526191A4AEFC1EBE4F8BEACDCB |
SHA-512: | 4957E24A00B7FF54B350C33392560937E69EE5ACCF2E439781E27B4AC506EEEDDEF3BEBD5D911185ADD175D648F4636DC5116E311B9C6C6ED34B842153E0B124 |
Malicious: | false |
Reputation: | low |
URL: | https://s.viisupport.com/n/827/ozihu7sqiznhw6tfpj2eazqdpnwxoz3xizbfiackizegikq5p7rwm4bnf5mriwl6fftx44sfmihx6olrmnyukq2raalucqdaceuq6j2ymfmu4v2okr4h6y36llbjyjln6kvjbstwivtau6rcynlcqbiosg5j53euulhom3bascmnrq2vi3g35m5ijie623vyomwhbjew4bwv44tbjnewdfz46ldgsafloqvdmtkyirluhakk4izxh6tzllqexofwmtqevihzllkux3k7rbbypnm4j2kukqhuubg3om6u5g6gvfkl4gcbs3fdjb7yu3c576dxbg3rkm3e3oav57gu5dlafhnhgr7aofe5mryxqbfeholwxghjdanxxwgkzskmxbcyhb5iuko43dmnq5izqs3pwrwvghq2ex7g6ssikyehcqfqbhovurpxihuxnsbqoetswfgajccnbhp3w63j5cesjoffibslo |
Preview: |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 29, 2024 12:51:14.469367981 CET | 192.168.2.5 | 1.1.1.1 | 0x7266 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 29, 2024 12:51:14.469821930 CET | 192.168.2.5 | 1.1.1.1 | 0xa9d7 | Standard query (0) | 65 | IN (0x0001) | false | |
Mar 29, 2024 12:51:17.093385935 CET | 192.168.2.5 | 1.1.1.1 | 0x42d9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 29, 2024 12:51:17.093991041 CET | 192.168.2.5 | 1.1.1.1 | 0xe794 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 29, 2024 12:51:14.676843882 CET | 1.1.1.1 | 192.168.2.5 | 0x7266 | No error (0) | 185.98.54.153 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:14.676843882 CET | 1.1.1.1 | 192.168.2.5 | 0x7266 | No error (0) | 31.220.27.135 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:14.676843882 CET | 1.1.1.1 | 192.168.2.5 | 0x7266 | No error (0) | 31.220.27.155 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:14.676843882 CET | 1.1.1.1 | 192.168.2.5 | 0x7266 | No error (0) | 31.220.27.134 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:17.188723087 CET | 1.1.1.1 | 192.168.2.5 | 0xe794 | No error (0) | 65 | IN (0x0001) | false | |||
Mar 29, 2024 12:51:17.188743114 CET | 1.1.1.1 | 192.168.2.5 | 0x42d9 | No error (0) | 142.250.31.104 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:17.188743114 CET | 1.1.1.1 | 192.168.2.5 | 0x42d9 | No error (0) | 142.250.31.99 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:17.188743114 CET | 1.1.1.1 | 192.168.2.5 | 0x42d9 | No error (0) | 142.250.31.105 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:17.188743114 CET | 1.1.1.1 | 192.168.2.5 | 0x42d9 | No error (0) | 142.250.31.106 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:17.188743114 CET | 1.1.1.1 | 192.168.2.5 | 0x42d9 | No error (0) | 142.250.31.103 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:17.188743114 CET | 1.1.1.1 | 192.168.2.5 | 0x42d9 | No error (0) | 142.250.31.147 | A (IP address) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:29.960778952 CET | 1.1.1.1 | 192.168.2.5 | 0x7f72 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 29, 2024 12:51:29.960778952 CET | 1.1.1.1 | 192.168.2.5 | 0x7f72 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49711 | 185.98.54.153 | 443 | 4564 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 11:51:15 UTC | 1146 | OUT | |
2024-03-29 11:51:15 UTC | 142 | IN | |
2024-03-29 11:51:15 UTC | 74 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49710 | 185.98.54.153 | 443 | 4564 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 11:51:15 UTC | 1075 | OUT | |
2024-03-29 11:51:15 UTC | 105 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49715 | 23.62.24.116 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 11:51:18 UTC | 161 | OUT | |
2024-03-29 11:51:18 UTC | 468 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49716 | 23.62.24.116 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 11:51:18 UTC | 239 | OUT | |
2024-03-29 11:51:18 UTC | 805 | IN | |
2024-03-29 11:51:18 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
4 | 192.168.2.5 | 49721 | 23.1.237.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 11:51:31 UTC | 2148 | OUT | |
2024-03-29 11:51:31 UTC | 1 | OUT | |
2024-03-29 11:51:31 UTC | 2483 | OUT | |
2024-03-29 11:51:31 UTC | 479 | IN |
Target ID: | 0 |
Start time: | 12:51:09 |
Start date: | 29/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 12:51:11 |
Start date: | 29/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 12:51:13 |
Start date: | 29/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |