Windows
Analysis Report
https://www.snookerandpoolservices.co.uk/wp-admin/user/dd.php
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 4340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 5352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2204,i,2594830658058363299,1807913107444712400,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.snookerandpoolservices.co.uk/wp-admin/user/dd.php" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
AV Detection |
---|
Source: | Avira URL Cloud: |
Phishing |
---|
Source: | LLM: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | Process created: | |||
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
ss-corp.conohawing.com | 118.27.122.85 | true | true | unknown | |
www.google.com | 142.250.69.196 | true | false | high | |
www.snookerandpoolservices.co.uk | 46.30.213.169 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
46.30.213.169 | www.snookerandpoolservices.co.uk | Denmark | 51468 | ONECOMDK | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.69.196 | www.google.com | United States | 15169 | GOOGLEUS | false | |
118.27.122.85 | ss-corp.conohawing.com | Japan | 7506 | INTERQGMOInternetIncJP | true |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1438535 |
Start date and time: | 2024-05-08 20:24:02 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://www.snookerandpoolservices.co.uk/wp-admin/user/dd.php |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.phis.win@17/6@6/5 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.33.99, 173.194.202.84, 142.251.33.110, 34.104.35.123, 13.85.23.86, 199.232.214.172, 192.229.211.108, 13.95.31.18, 20.3.187.198
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://www.snookerandpoolservices.co.uk/wp-admin/user/dd.php
Input | Output |
---|---|
URL: https://ss-corp.conohawing.com/d/dk/%C3%85rsrappor/om/sygejournaler/024/9852852000666000556/db/re/ | { "riskscore": 7, "reasons": "The text suggests a 'Forbidden' message, which is often associated with attempted unauthorized access. The URL contains a suspicious domain 'conohawing.com' which does not match the expected domain 'ss-corp.com'. Additionally, the path contains a mix of letters and numbers that do not form a meaningful resource name. These factors indicate a high probability of a phishing or malicious site." }" |
Forbidden You don't have permission to access this resource. | |
URL: https://ss-corp.conohawing.com/d/dk/%C3%85rsrappor/om/sygejournaler/024/9852852000666000556/db/re/ | { "riskscore": 8, "reasons": "The URL provided shows signs of typosquatting, which is a type of cyber attack that relies on creating domain names that are similar to legitimate ones but with slight misspellings or other changes to trick users into visiting them. In this case, the legitimate domain 'ss-corp.com' has been replaced with 'ss-corp.conohawing.com', which is likely an attempt to impersonate the legitimate site. The risk score of 8 indicates a high level of concern, and users should avoid visiting this URL or providing any sensitive information if they do visit it." }" |
https://ss-corp.conohawing.com/d/dk/%C3%85rsrappor/om/sygejournaler/024/9852852000666000556/db/re/ |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 196 |
Entropy (8bit): | 5.098952451791238 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezocKqD:J0+oxBeRmR9etdzRxGez1T |
MD5: | 62962DAA1B19BBCC2DB10B7BFD531EA6 |
SHA1: | D64BAE91091EDA6A7532EBEC06AA70893B79E1F8 |
SHA-256: | 80C3FE2AE1062ABF56456F52518BD670F9EC3917B7F85E152B347AC6B6FAF880 |
SHA-512: | 9002A0475FDB38541E78048709006926655C726E93E823B84E2DBF5B53FD539A5342E7266447D23DB0E5528E27A19961B115B180C94F2272FF124C7E5C8304E7 |
Malicious: | false |
Reputation: | low |
URL: | https://ss-corp.conohawing.com/favicon.ico |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 211 |
Entropy (8bit): | 5.194854532682102 |
Encrypted: | false |
SSDEEP: | 3:nmJYQqRJA/XM2AQezpEHjJMzVJu+1zWNVYj4VyQKTLnK4nGMSKKrDyIEJylNQX/6:KYl8PeKMRJVCNOUjYKuDSRSiQX/5K9 |
MD5: | FA35929C2FCADE9EACA9410EECE6049D |
SHA1: | 37111B197016CD46F5CCB78CA643197AA65FC071 |
SHA-256: | B1B8E614301257D2CC475140EBA625944FEF801206CC1A3AFFE163B07845D531 |
SHA-512: | E697E94716529C1B14066E005BD138E0525E1C218AD4C823650BC60E6E12DB240963CCB96769846BC4B93B9EA3C011D33DE3DE73EBFA3A1E89E562FC67B7811B |
Malicious: | false |
Reputation: | low |
URL: | https://www.snookerandpoolservices.co.uk/wp-admin/user/dd.php |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 199 |
Entropy (8bit): | 5.112530855532291 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwIgsozEr6VyF02xxdGzsQWr+KqD:J0+oxBgsozR4F0+dgsQo+T |
MD5: | BB8F534FBFF5EE61A95AF9C4740AE043 |
SHA1: | 832E403D42AAC1FEC93E4F602338544D3FD2E4F1 |
SHA-256: | 5B13FB5957B84EF7BB9D0B6CD509C947FF6A37D67EFDAC2B896DDD3B908AAD10 |
SHA-512: | EB423CA8E0F3E026A367130044B1857A1368097F9AC3C8FCAA523FA5E2785437FBC328397B5C6582FB0C872CFF44E70CF0120D874D825472806ADC46ACDBFFDD |
Malicious: | false |
Reputation: | low |
URL: | https://ss-corp.conohawing.com/d/dk/%C3%85rsrappor/om/sygejournaler/024/9852852000666000556/db/re/ |
Preview: |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 8, 2024 20:24:52.475159883 CEST | 192.168.2.4 | 1.1.1.1 | 0x1521 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 8, 2024 20:24:52.475322962 CEST | 192.168.2.4 | 1.1.1.1 | 0x5b63 | Standard query (0) | 65 | IN (0x0001) | false | |
May 8, 2024 20:24:54.482659101 CEST | 192.168.2.4 | 1.1.1.1 | 0x1d77 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 8, 2024 20:24:54.482863903 CEST | 192.168.2.4 | 1.1.1.1 | 0xd526 | Standard query (0) | 65 | IN (0x0001) | false | |
May 8, 2024 20:24:54.999023914 CEST | 192.168.2.4 | 1.1.1.1 | 0xdf0f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 8, 2024 20:24:54.999191999 CEST | 192.168.2.4 | 1.1.1.1 | 0x800b | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 8, 2024 20:24:53.080737114 CEST | 1.1.1.1 | 192.168.2.4 | 0x1521 | No error (0) | 46.30.213.169 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:24:55.164169073 CEST | 1.1.1.1 | 192.168.2.4 | 0x800b | No error (0) | 65 | IN (0x0001) | false | |||
May 8, 2024 20:24:55.164329052 CEST | 1.1.1.1 | 192.168.2.4 | 0xdf0f | No error (0) | 142.250.69.196 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:24:55.374753952 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d77 | No error (0) | 118.27.122.85 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:25:07.420063019 CEST | 1.1.1.1 | 192.168.2.4 | 0x6838 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:25:07.420063019 CEST | 1.1.1.1 | 192.168.2.4 | 0x6838 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:25:07.935108900 CEST | 1.1.1.1 | 192.168.2.4 | 0x4fc2 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 8, 2024 20:25:07.935108900 CEST | 1.1.1.1 | 192.168.2.4 | 0x4fc2 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:25:21.162476063 CEST | 1.1.1.1 | 192.168.2.4 | 0x1203 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 8, 2024 20:25:21.162476063 CEST | 1.1.1.1 | 192.168.2.4 | 0x1203 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:25:44.363631964 CEST | 1.1.1.1 | 192.168.2.4 | 0x110f | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 8, 2024 20:25:44.363631964 CEST | 1.1.1.1 | 192.168.2.4 | 0x110f | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
May 8, 2024 20:26:03.613409042 CEST | 1.1.1.1 | 192.168.2.4 | 0x8b9b | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 8, 2024 20:26:03.613409042 CEST | 1.1.1.1 | 192.168.2.4 | 0x8b9b | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49736 | 46.30.213.169 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:24:53 UTC | 695 | OUT | |
2024-05-08 18:24:54 UTC | 315 | IN | |
2024-05-08 18:24:54 UTC | 211 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49737 | 46.30.213.169 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:24:54 UTC | 640 | OUT | |
2024-05-08 18:24:55 UTC | 478 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49740 | 118.27.122.85 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:24:56 UTC | 770 | OUT | |
2024-05-08 18:24:56 UTC | 163 | IN | |
2024-05-08 18:24:56 UTC | 199 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49743 | 104.125.88.106 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:24:56 UTC | 161 | OUT | |
2024-05-08 18:24:56 UTC | 466 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49742 | 46.30.213.169 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:24:56 UTC | 672 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49741 | 118.27.122.85 | 443 | 5352 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:24:56 UTC | 667 | OUT | |
2024-05-08 18:24:57 UTC | 163 | IN | |
2024-05-08 18:24:57 UTC | 196 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49744 | 104.125.88.106 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-08 18:24:56 UTC | 239 | OUT | |
2024-05-08 18:24:57 UTC | 538 | IN | |
2024-05-08 18:24:57 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 20:24:47 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 20:24:49 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 20:24:51 |
Start date: | 08/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |