Windows
Analysis Report
http://172.104.75.98/owa/
Overview
Detection
Score: | 92 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6580 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  - chrome.exe (PID: 5760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2212,i,17721641698521670201,16647788387140387624,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://172.104.75.98/owa/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | ||
JoeSecurity_OutlookPhishing | Yara detected Outlook Phishing page | Joe Security |
AV Detection |
---|
Source: | Avira URL Cloud: |
Phishing |
---|
Source: | LLM: |
Source: | Matcher: |
Source: | File source: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | Network traffic detected: | ||
Source: | Classification label: |
Source: | File created: |
Source: | Process created: |
Source: | LNK file: | ||
Source: | Window detected: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | phishing | ||
100% | Avira URL Cloud | phishing |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
www.google.com | 216.58.212.164 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
true | unknown | ||
true | unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
172.104.75.98 | unknown | United States | | 63949 | LINODE-APLinodeLLCUS | false |
216.58.212.164 | www.google.com | United States | | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.6 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446883 |
Start date and time: | 2024-05-24 00:29:23 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 18s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://172.104.75.98/owa/ |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal92.phis.win@16/8@2/5 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.186.142, 173.194.76.84, 34.104.35.123, 172.217.18.106, 142.250.186.74, 172.217.23.106, 142.250.181.234, 142.250.185.202, 142.250.186.138, 172.217.16.138, 142.250.186.42, 172.217.18.10, 142.250.186.170, 142.250.184.202, 216.58.212.170, 216.58.206.74, 172.217.16.202, 142.250.186.106, 142.250.74.202, 13.85.23.86, 199.232.210.172, 192.229.221.95, 52.165.164.15, 20.3.187.198, 13.85.23.206, 142.250.186.35
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://172.104.75.98/owa/
URL: http://172.104.75.98/owa/auth/logon.aspx?replaceCurrent=1 Model: gpt-4o

Input:

```javascript
var a_fRC = 1;
var g_fFcs = 1;
var a_fLOff = 0;
var a_fCAC = 0;
var a_fEnbSMm = 0;

/// <summary>
/// Is Mime Control installed?
/// </summary>
function IsMimeCtlInst(progid)
{
    if (!a_fEnbSMm)
        return false;

    var oMimeVer = null;

    try
    {
        // TODO: ingore this on none IE browser
        //
        //oMimeVer = new ActiveXObject(progid);
    }
    catch (e)
    {
    }

    if (oMimeVer != null)
        return true;
    else
        return false;
}

/// <summary>
/// Render out the S-MIME control if it is installed.
/// </summary>
function RndMimeCtl()
{
    if (IsMimeCtlInst("MimeBhvr.MimeCtlVer"))
        RndMimeCtlHlpr("MimeNSe2k3", "D801B381-B81D-47a7-8EC4-EFC111666AC0", "MIMEe2k3", "mimeLogoffE2k3");

    if (IsMimeCtlInst("OwaSMime.MimeCtlVer"))
        RndMimeCtlHlpr("MimeNSe2k7sp1", "833aa5fb-7aca-4708-9d7b-c982bf57469a", "MIMEe2k7sp1", "mimeLogoffE2k7sp1");

    if (IsMimeCtlInst("OwaSMime2.MimeCtlVer"))
        RndMimeCtlHlpr("MimeNSe2k9", "4F40839A-C1E5-47E3-804D-A2A17F42DA21", "MIMEe2k9", "mimeLogoffE2k9");
}

/// <summary>
/// Helper function to factor out the rendering of the S/MIME control.
/// </summary>
function RndMimeCtlHlpr(objid, classid, ns, id)
{
    document.write("<OBJECT id='" + objid + "' classid='CLSID:" + classid + "'></OBJECT>");
    document.write("<?IMPORT namespace='" + ns + "' implementation=#" + objid + ">");
    document.write("<" + ns + ":Logoff id='" + id + "' style='display:none'/>");
}
-->
```

Output:

```json
{
  "riskscore": 7,
  "reasons": "The code attempts to create ActiveX objects, which can be a security risk as they can execute arbitrary code on the user's machine. This is particularly concerning for non-IE browsers where ActiveX is not supported. Additionally, the use of document.write can lead to cross-site scripting (XSS) vulnerabilities."
}
```

URL: http://172.104.75.98/owa/auth/logon.aspx?replaceCurrent=1 Model: gpt-4o

Input:

```javascript
var mainLogonDiv = window.document.getElementById("mainLogonDiv");
var showPlaceholderText = false;
var mainLogonDivClassName = 'mouse';

if (mainLogonDivClassName == "tnarrow") {
    showPlaceholderText = true;

    // Output meta tag for viewport scaling
    document.write('<meta name="viewport" content="width = 320, initial-scale = 1.0, user-scalable = no" />');
}
else if (mainLogonDivClassName == "twide"){
    showPlaceholderText = true;
}

function setPlaceholderText() {
    window.document.getElementById("username").placeholder = "domain\\user name";
    window.document.getElementById("password").placeholder = "Password";
    window.document.getElementById("passwordText").placeholder = "Password";
}

function showPasswordClick() {
    var showPassword = window.document.getElementById("showPasswordCheck").checked;
    passwordElement = window.document.getElementById("password");
    passwordTextElement = window.document.getElementById("passwordText");
    if (showPassword) {
        passwordTextElement.value = passwordElement.value;
        passwordElement.style.display = "none";
        passwordTextElement.style.display = "inline";
        passwordTextElement.focus();
    }
    else {
        passwordElement.value = passwordTextElement.value;
        passwordTextElement.style.display = "none";
        passwordTextElement.value = "";
        passwordElement.style.display = "inline";
        passwordElement.focus();
    }
}
```

Output:

```json
{
  "riskscore": 2,
  "reasons": "The provided JavaScript code primarily deals with UI elements such as placeholders and password visibility toggling. There is no evident malicious behavior such as data exfiltration or unauthorized access. However, the use of 'document.write' to insert a meta tag could be considered a minor risk due to potential for misuse in other contexts."
}
```

URL: http://172.104.75.98/owa/auth/logon.aspx?replaceCurrent=1 Model: gpt-4o

Input:

```javascript
// flogon.js
//
// This file contains the script used by Logon.aspx
//
//Copyright (c) 2003-2006 Microsoft Corporation. All rights reserved.

/// <summary>
/// OnLoad handler for logon page
/// </summary>
window.onload = function ()
{
    // If we are replacing the current window with the logon page, initialize the logon page UI now
    //
    if (a_fRC)
        initLogon();
    // Otherwise we need to find the window to replace with the logon page and redirect that window
    //
    else
        redir();
};

/// <summary>
/// Initializes the logon page
/// </summary>
function initLogon()
{
    try
    {
        //
        // we don't call document.execCommand("ClearAuthenticationCache","false"); anymore. As a part of the Pending-Notification
        // infrastructure, we are making a change to make sure startpage does not get loaded more than once. This solution is cookie
        // based. This execCommand was clearing all cookies in the scenario when a user logged on from a child window during an
        // FBA timeout. We do not want that to happen anymore. If this breaks anything, we may need to consider a different solution.
        //
        // Old Comments:
        // If the "Clear the Authentication Cache" flag is set to true and
        // we are coming from the logoff page , clear the cache. See bug 41770 and 5840 for details.
        //
        // Logoff the S-Mime control.
        //
        LogoffMime();
    }
    catch (e) { }

    // Check for username cookie
    //
    var re = /(^|; )logondata=acc=([0|1])&lgn=([^;]+)(;|$)/;
    var rg = re.exec(document.cookie);

    if (rg)
    {
        // Fill in username, set security to private, and restore the "use basic" selection
        //
        gbid("username").value = rg[3];
        try {
            var signInErrorElement = gbid("signInErrorDiv");
            if (signInErrorElement) {
                signInErrorElement.focus();
            }
            else {
                gbid("password").focus();
            }
        } catch (e) {}

        if (gbid("chkPrvt") && !gbid("chkPrvt").checked)
        {
            gbid("chkPrvt").click();
        }

        if (rg[2] == "1" && gbid("chkBsc")) // chkBsc doesn't exist if the request comes from ECP
            gbid("chkBsc").click();
    }
    else
    {
        // The variable g_fFcs is set to false when the password gains focus,
        // so that we don't accidentally set focus to the username field while
        // the user is typing their password
        //
        if (g_fFcs) {
            try {
                gbid("username").focus();
            } catch (e) { }
        }
    }

    // OWA Premium currently supports
    // IE 7+, Safari 3+, Firefox 3+ for Windows / Mac
    if (IsOwaPremiumBrowser() && gbid("chkBsc")) // chkBsc doesn't exist if the request comes from ECP
        gbid("chkBsc").disabled = false;

    // Are coo
```

Output:

```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be part of a legitimate logon page, likely for a Microsoft service, given the copyright notice and the context of the code. The code handles user authentication, cookie management, and browser compatibility checks. There are no obvious signs of malicious activity such as data exfiltration, keylogging, or unauthorized access attempts. The only potential risk is the handling of cookies and user input, which could be exploited if not properly secured, but this is a common aspect of logon pages and does not inherently indicate malicious intent."
}
```

URL: http://172.104.75.98/owa/auth/logon.aspx?replaceCurrent=1 Model: gpt-4o

Output:

```json
{
  "phishing_score": 9,
  "brands": "Outlook",
  "phishing": true,
  "suspicious_domain": true,
  "has_loginform": true,
  "has_captcha": false,
  "setechniques": true,
  "reasons": "The URL uses an IP address instead of a domain name, which is a common tactic in phishing attacks. The page mimics the Outlook login page, which is a well-known brand, to deceive users into entering their credentials. The legitimate Outlook login page would typically be hosted on a domain like 'outlook.com' or 'office.com', not an IP address."
}
```
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.979928830690258 |
Encrypted: | false |
SSDEEP: | 48:8pyodwT0oRHAZidAKZdA19ehwiZUklqehOy+3:8YfCrVy |
MD5: | 708BC99B7BCAA7BBAAD6E2C10AB96EB3 |
SHA1: | 7FFEABDBB702E22685EAE0A65524DA6C06B933A0 |
SHA-256: | 5C079BC5DAF93359874CAD400F8F31FF2CBD876312F00970F799FB7FF8353586 |
SHA-512: | 3C675BCFC2012D2DF453370998E374C1270658E76AC276AF67DF86670AC84A83BF2D47BEBCBD5D6FDC2705626488DEBA956574846E1F0335C71A69F9A0C0C6AB |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9950618790746595 |
Encrypted: | false |
SSDEEP: | 48:8nVodwT0oRHAZidAKZdA1weh/iZUkAQkqehFy+2:8n9fCZ9QMy |
MD5: | 9625F9FBD22B65B2E8E8229F711120F5 |
SHA1: | 2017D78B973A76CE2EAA75C9F29818405DCCF79E |
SHA-256: | 5612B0015CE6DB69634263D96653C32D2D8556DEC9CD4D566CB96337E855E97F |
SHA-512: | E9935D6E9C5E19835FD12E03C0A329D662E4915FFFB9E14057B36A0A6FF97063FD011DFBAE15E6817CD5A05D6E3692A5676814611A9B90F7B81B6FAAFBC9A926 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.008186684215876 |
Encrypted: | false |
SSDEEP: | 48:8xxdwT0osHAZidAKZdA14tseh7sFiZUkmgqeh7sTy+BX:8xUfvpnRy |
MD5: | A7868F9277AE3EE985AF5E0B145859A8 |
SHA1: | 321BB73C8CA1ED5FF0FDC3DC9E52029237940671 |
SHA-256: | 50813B23BD34A1635A163864DB1CF926C0862372FF644DAA41DB60D2C88332BD |
SHA-512: | B17A44A3DC2DFA72ECFCF082CF72D19D91843D0E98D3CFA8C82416501165E263CD5BB86F59EF5E948C692DC21FCDD8CBBCDA8993D3148DCE3A11A11F587E9179 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.995128258655382 |
Encrypted: | false |
SSDEEP: | 48:8dodwT0oRHAZidAKZdA1vehDiZUkwqeh5y+R:8FfC6by |
MD5: | 7A0ED0FF8874B9777A72E600F89A496C |
SHA1: | 69C5C346814B2E53A2FE1ECC0BE79B5242D89A3A |
SHA-256: | 9F6A090965C95F83883CB368AEE58E27DB3D3F344D0DBF619228FF616A8B9A8C |
SHA-512: | BC8D77EA22B156450F9701AF1AE9EA918E4E3DCB9BB899092BF8F0E53B6CEEF94B9460249962F976F380D2992E7D68E187705B0AC4F3155F9283E57CA516016D |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9816910787129696 |
Encrypted: | false |
SSDEEP: | 48:884odwT0oRHAZidAKZdA1hehBiZUk1W1qeh/y+C:88UfC69fy |
MD5: | CC4D4D7B4995D9FD0166B9D0903A00CA |
SHA1: | 6514D929D4B0E3C67F3DEC0C4ECF29A2DC5A6162 |
SHA-256: | DE1C0A271B358B62D1DC99E6A5F4E6927D4881AC35A9A3D95ACA1C463BA8ADE8 |
SHA-512: | 94CDC2405D5C103AA2B904439B18CDAAA5ECE2A325807D21E33ED015BF04F86449E6B676AD55BB2F1C24A0FA12A2D5565385D16919A5DFD01BDF75122EBC67EB |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.992744311690749 |
Encrypted: | false |
SSDEEP: | 48:8HvodwT0oRHAZidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbRy+yT+:8HzfCET/TbxWOvTbRy7T |
MD5: | 3F26B646B7E06AB89220815D6F30932C |
SHA1: | 00C142E422EC7807B66E3007CD7A42F000B031FF |
SHA-256: | FDE4AB4E3AD27A3282D24FC7600A512FF5102200B7765F03FB0A135DFF586DC2 |
SHA-512: | DC233E6AE6D321346487F1CABD37566AF9E3C25667ED918192C3C32D1679702319317A1BE01A616C76EF642AFFF7237F7880E950D094E1718E8ADA6FABFAED2C |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 40 |
Entropy (8bit): | 4.327567157116928 |
Encrypted: | false |
SSDEEP: | 3:mSryoSbSsvVXyY:mSrFSbScVXL |
MD5: | C561EA20923CC4A7C28FC7CBD47B7B27 |
SHA1: | 2B9BEB9F18C67725EF563E8D4997075EE7FABC14 |
SHA-256: | CF4C2F20FC4CD264541BDAAC94B46C06A6751D614518E1185C00DEF57B835C74 |
SHA-512: | 297F50815FA0FD8EA470E00250E3BE61529589608AC428D3D029892202B11420F394DECE84F98861AC544DE7075940ACFCCB5C93FD47E2522B0CCBB1B383DCD4 |
Malicious: | false |
Reputation: | low |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISHgnNN4asAs632hIFDeeNQA4SBQ3OQUx6EgUNTx8adg==?alt=proto |
May 24, 2024 00:30:21.235100031 CEST | 443 | 49711 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:30:21.235399008 CEST | 49711 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:30:21.235430002 CEST | 443 | 49711 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:30:21.236681938 CEST | 443 | 49711 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:30:21.236772060 CEST | 49711 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:30:21.317775011 CEST | 49710 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:21.328604937 CEST | 80 | 49710 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:21.328660965 CEST | 49710 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:21.332915068 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
May 24, 2024 00:30:21.332926989 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
May 24, 2024 00:30:21.332995892 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
May 24, 2024 00:30:21.333369017 CEST | 80 | 49710 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:21.333415985 CEST | 49710 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:21.333420992 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
May 24, 2024 00:30:21.333442926 CEST | 80 | 49710 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:21.333467960 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
May 24, 2024 00:30:21.337650061 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:21.337673903 CEST | 80 | 49710 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:21.337683916 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:21.337769985 CEST | 49714 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:21.337793112 CEST | 49710 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:21.337815046 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:21.339291096 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:21.435693979 CEST | 80 | 49710 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:21.435887098 CEST | 49710 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:21.438673973 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:21.622643948 CEST | 49711 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:30:21.622873068 CEST | 443 | 49711 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:30:21.670743942 CEST | 49711 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:30:21.670773983 CEST | 443 | 49711 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:30:21.711327076 CEST | 49711 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:30:22.047116041 CEST | 49717 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:22.047147036 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:22.047278881 CEST | 49717 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:22.049900055 CEST | 49717 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:22.049915075 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:22.201230049 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.202843904 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.202917099 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.206053972 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.209315062 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.209335089 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.209393978 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.215761900 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.215832949 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.218991995 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.219007015 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.219017982 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.219052076 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.225440979 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.225508928 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.383430004 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.388463020 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.388545990 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.394161940 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.397979021 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.398068905 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.411708117 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.411724091 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.411766052 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.430367947 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.430386066 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.430453062 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.432898998 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.437922001 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.438107014 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.454574108 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.460768938 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.460844040 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.471710920 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.471730947 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.471772909 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.477235079 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.477252960 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.477307081 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.482717037 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.482732058 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.482779026 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.559107065 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.559154034 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.559248924 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.577559948 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.586699963 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.586765051 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.603674889 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.605452061 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.605468988 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.605483055 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.605510950 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.605540991 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.607158899 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.607175112 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.607235909 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.608726978 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.608748913 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.608998060 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.610256910 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.610275030 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.610290051 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.610318899 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.612494946 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.612509966 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.612554073 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.613900900 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.614702940 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.614718914 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.614751101 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.614769936 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.616151094 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.617726088 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.741337061 CEST | 49715 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.747854948 CEST | 80 | 49715 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.750509024 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:22.750575066 CEST | 49717 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:22.837452888 CEST | 49717 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:22.837471962 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:22.837840080 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:22.859321117 CEST | 49714 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:22.866319895 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:22.880126953 CEST | 49717 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:22.992398024 CEST | 49717 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:23.034509897 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:23.140842915 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.141148090 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.141200066 CEST | 49714 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:23.141968966 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.142760038 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.142776012 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.142813921 CEST | 49714 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:23.144423962 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.144624949 CEST | 49714 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:23.146867990 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.146888018 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.146900892 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.146940947 CEST | 49714 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:23.146961927 CEST | 49714 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:23.147048950 CEST | 49714 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:23.183222055 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:23.183303118 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:23.183361053 CEST | 49717 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:23.183564901 CEST | 49717 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:23.183579922 CEST | 443 | 49717 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:23.196209908 CEST | 80 | 49714 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.214215040 CEST | 49718 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:23.214242935 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:23.214324951 CEST | 49718 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:23.214718103 CEST | 49718 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:23.214728117 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:23.418775082 CEST | 49719 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:23.425146103 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.425244093 CEST | 49719 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:23.431171894 CEST | 49719 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:23.481937885 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:23.931528091 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:23.931595087 CEST | 49718 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:23.934408903 CEST | 49718 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:23.934427023 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:23.934710979 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:23.936872005 CEST | 49718 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:23.978493929 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:24.222707987 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:24.222786903 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:24.222834110 CEST | 49718 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:24.224698067 CEST | 49718 | 443 | 192.168.2.5 | 184.28.90.27 |
May 24, 2024 00:30:24.224716902 CEST | 443 | 49718 | 184.28.90.27 | 192.168.2.5 |
May 24, 2024 00:30:24.242419958 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:24.243861914 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:24.243932009 CEST | 49719 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:24.246993065 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:24.247028112 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:24.247083902 CEST | 49719 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:24.252990007 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:24.256006002 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:24.256055117 CEST | 49719 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:24.259366989 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:24.259403944 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:24.259490013 CEST | 49719 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:24.259912014 CEST | 49719 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:24.264094114 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:24.264148951 CEST | 49719 | 80 | 192.168.2.5 | 172.104.75.98 |
May 24, 2024 00:30:24.268892050 CEST | 80 | 49719 | 172.104.75.98 | 192.168.2.5 |
May 24, 2024 00:30:30.073903084 CEST | 443 | 49711 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:30:30.073977947 CEST | 443 | 49711 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:30:30.074023962 CEST | 49711 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:30:31.442706108 CEST | 49711 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:30:31.442739010 CEST | 443 | 49711 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:31:19.561458111 CEST | 49729 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:31:19.561558962 CEST | 443 | 49729 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:31:19.561650991 CEST | 49729 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:31:19.562654018 CEST | 49729 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:31:19.562695980 CEST | 443 | 49729 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:31:20.272972107 CEST | 443 | 49729 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:31:20.273490906 CEST | 49729 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:31:20.273561001 CEST | 443 | 49729 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:31:20.274699926 CEST | 443 | 49729 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:31:20.275046110 CEST | 49729 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:31:20.275232077 CEST | 443 | 49729 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:31:20.316442966 CEST | 49729 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:31:30.162370920 CEST | 443 | 49729 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:31:30.162445068 CEST | 443 | 49729 | 216.58.212.164 | 192.168.2.5 |
May 24, 2024 00:31:30.162496090 CEST | 49729 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:31:31.443675995 CEST | 49729 | 443 | 192.168.2.5 | 216.58.212.164 |
May 24, 2024 00:31:31.443748951 CEST | 443 | 49729 | 216.58.212.164 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 24, 2024 00:31:16.859627008 CEST | 192.168.2.5 | 1.1.1.1 | c225 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 24, 2024 00:30:19.446083069 CEST | 192.168.2.5 | 1.1.1.1 | 0xc1ce | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 24, 2024 00:30:19.446250916 CEST | 192.168.2.5 | 1.1.1.1 | 0x8365 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 24, 2024 00:30:19.492206097 CEST | 1.1.1.1 | 192.168.2.5 | 0x8365 | No error (0) | 65 | IN (0x0001) | false | |||
May 24, 2024 00:30:19.492224932 CEST | 1.1.1.1 | 192.168.2.5 | 0xc1ce | No error (0) | 216.58.212.164 | A (IP address) | IN (0x0001) | false | ||
May 24, 2024 00:30:29.949350119 CEST | 1.1.1.1 | 192.168.2.5 | 0x7250 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
May 24, 2024 00:30:29.949350119 CEST | 1.1.1.1 | 192.168.2.5 | 0x7250 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
May 24, 2024 00:30:30.507769108 CEST | 1.1.1.1 | 192.168.2.5 | 0x3410 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 24, 2024 00:30:30.507769108 CEST | 1.1.1.1 | 192.168.2.5 | 0x3410 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
May 24, 2024 00:30:44.462891102 CEST | 1.1.1.1 | 192.168.2.5 | 0xc50 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 24, 2024 00:30:44.462891102 CEST | 1.1.1.1 | 192.168.2.5 | 0xc50 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
May 24, 2024 00:31:11.328949928 CEST | 1.1.1.1 | 192.168.2.5 | 0x34d2 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 24, 2024 00:31:11.328949928 CEST | 1.1.1.1 | 192.168.2.5 | 0x34d2 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false | ||
May 24, 2024 00:31:30.155385971 CEST | 1.1.1.1 | 192.168.2.5 | 0x6fe8 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
May 24, 2024 00:31:30.155385971 CEST | 1.1.1.1 | 192.168.2.5 | 0x6fe8 | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49709 | 172.104.75.98 | 80 | 5760 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 24, 2024 00:30:18.685722113 CEST | 432 | OUT | |
May 24, 2024 00:30:19.492237091 CEST | 370 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49710 | 172.104.75.98 | 80 | 5760 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 24, 2024 00:30:19.495069027 CEST | 464 | OUT | |
May 24, 2024 00:30:19.765149117 CEST | 1236 | IN | |
May 24, 2024 00:30:19.765168905 CEST | 1236 | IN | |
May 24, 2024 00:30:19.765350103 CEST | 1236 | IN | |
May 24, 2024 00:30:19.765371084 CEST | 1236 | IN | |
May 24, 2024 00:30:19.765383005 CEST | 1236 | IN | |
May 24, 2024 00:30:19.765846968 CEST | 1236 | IN | |
May 24, 2024 00:30:19.765882015 CEST | 776 | IN | |
May 24, 2024 00:30:19.765892029 CEST | 1236 | IN | |
May 24, 2024 00:30:19.766375065 CEST | 224 | IN | |
May 24, 2024 00:30:19.769838095 CEST | 1236 | IN | |
May 24, 2024 00:30:19.774724007 CEST | 508 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49715 | 172.104.75.98 | 80 | 5760 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 24, 2024 00:30:21.339291096 CEST | 418 | OUT | |
May 24, 2024 00:30:22.201230049 CEST | 1236 | IN | |
May 24, 2024 00:30:22.202843904 CEST | 1236 | IN | |
May 24, 2024 00:30:22.206053972 CEST | 1236 | IN | |
May 24, 2024 00:30:22.209315062 CEST | 1236 | IN | |
May 24, 2024 00:30:22.209335089 CEST | 1236 | IN | |
May 24, 2024 00:30:22.215761900 CEST | 1236 | IN | |
May 24, 2024 00:30:22.218991995 CEST | 1236 | IN | |
May 24, 2024 00:30:22.219007015 CEST | 1000 | IN | |
May 24, 2024 00:30:22.219017982 CEST | 1236 | IN | |
May 24, 2024 00:30:22.225440979 CEST | 508 | IN | |
May 24, 2024 00:30:22.383430004 CEST | 1236 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49714 | 172.104.75.98 | 80 | 5760 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 24, 2024 00:30:22.859321117 CEST | 463 | OUT | |
May 24, 2024 00:30:23.140842915 CEST | 1236 | IN | |
May 24, 2024 00:30:23.141148090 CEST | 1236 | IN | |
May 24, 2024 00:30:23.141968966 CEST | 1236 | IN | |
May 24, 2024 00:30:23.142760038 CEST | 1236 | IN | |
May 24, 2024 00:30:23.142776012 CEST | 1236 | IN | |
May 24, 2024 00:30:23.144423962 CEST | 1236 | IN | |
May 24, 2024 00:30:23.146867990 CEST | 776 | IN | |
May 24, 2024 00:30:23.146888018 CEST | 34 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49719 | 172.104.75.98 | 80 | 5760 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 24, 2024 00:30:23.431171894 CEST | 334 | OUT | |
May 24, 2024 00:30:24.242419958 CEST | 1236 | IN | |
May 24, 2024 00:30:24.243861914 CEST | 1236 | IN | |
May 24, 2024 00:30:24.246993065 CEST | 1236 | IN | |
May 24, 2024 00:30:24.247028112 CEST | 1236 | IN | |
May 24, 2024 00:30:24.252990007 CEST | 1236 | IN | |
May 24, 2024 00:30:24.256006002 CEST | 1236 | IN | |
May 24, 2024 00:30:24.259366989 CEST | 810 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49717 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 22:30:22 UTC | 161 | OUT | |
2024-05-23 22:30:23 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49718 | 184.28.90.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 22:30:23 UTC | 239 | OUT | |
2024-05-23 22:30:24 UTC | 514 | IN | |
2024-05-23 22:30:24 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 18:30:09 |
Start date: | 23/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 18:30:13 |
Start date: | 23/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 18:30:17 |
Start date: | 23/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |