Windows
Analysis Report
T8534770935.html
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\T8534770935.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2296 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1992,i,14220054034880501362,10554372245187996667,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_CVE_2024_21412 | Yara detected CVE-2024-21412 | Joe Security | |
Phishing |
---|
Source: | Tab title: |
Source: | HTTP Parser: | ||
Source: | HTTPS traffic detected: | ||
Software Vulnerabilities |
---|
Source: | File source: | ||
Source: | TCP traffic: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | LNK file: | ||
Source: | Window detected: |
Source: | File created: | Jump to behavior | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
3% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.250.185.132 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1447083 |
Start date and time: | 2024-05-24 11:01:12 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowshtmlcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | T8534770935.html |
Detection: | MAL |
Classification: | mal52.phis.expl.winHTML@34/6@2/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.181.238, 64.233.184.84, 34.104.35.123, 142.250.186.42, 142.250.185.170, 142.250.186.74, 172.217.23.106, 142.250.185.74, 142.250.185.106, 142.250.181.234, 216.58.206.42, 142.250.185.202, 142.250.186.138, 142.250.184.202, 172.217.18.106, 142.250.185.138, 142.250.184.234, 142.250.186.170, 142.250.185.234, 93.184.221.240, 192.229.221.95, 142.250.184.195, 142.250.186.174
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
Input | Output |
---|---|
URL: file:///C:/Users/user/Desktop/T8534770935.html Model: Perplexity: mixtral-8x7b-instruct | { "loginform": false, "reasons": [ "The text does not contain any elements typically found in a login form, such as input fields for a username and password, a submit button, or labels for those elements.", "The text specifically mentions that the page should redirect automatically, which is not something that a login form typically does.", "The text instructs the user to CLICK HERE, which suggests that it is not part of a login form, but rather a link to a login form." ] } |
Please CLICK HERE if the page does not redirect automatically |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | Get hash | malicious | Unknown | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | CryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | Unknown | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | Unknown | Browse |
Get hash | malicious | HTMLPhisher | Browse |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9757359539720896 |
Encrypted: | false |
SSDEEP: | 48:8IxdHTf/aHuidAKZdA19ehwiZUklqehHy+3:8ODLAy |
MD5: | 30E06D18228FA0FEF4BDE76014F2254C |
SHA1: | C87229771DBA90AD9854C5739FD06CA258C3B694 |
SHA-256: | 15B1DC233CF9964EE6350D2C93AA4EFBAEB46CDC945CE60E3924DE12FC420B90 |
SHA-512: | B015C6DC5306608A851CF7C8AA265B98BB4C365F06388384624D8989B93D55DC2F8122EA5E951F1E4E93150A1A03DEDC3F29F1EC0A7F95146A71AAC103D7EB11 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9912374010374014 |
Encrypted: | false |
SSDEEP: | 48:8kdHTf/aHuidAKZdA1weh/iZUkAQkqehwy+2:8gD59QFy |
MD5: | D60DCD401B093A50D2682501273F12CD |
SHA1: | C322F12C5AFB0D12234937AC7C78D74E44364A4D |
SHA-256: | E135B44CE0B089FDA39D8146D23259ED73F220802A9586335F532506C4A38BF9 |
SHA-512: | F3B8DD832C570A9D1503F9C26876B84C844510512DEFC42DE5513DB579E922791B2803444790D89671CF96707C6758C3487A8A2812521B5360CB2FDDD6357DD5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.003009972539481 |
Encrypted: | false |
SSDEEP: | 48:8xQdHTf/sHuidAKZdA14tseh7sFiZUkmgqeh7sOy+BX:8xsDfnEy |
MD5: | 17D450173F0C55A632C7DCA4F64394C1 |
SHA1: | 7A929A8A88CE87EBBFE1F398E3608AFC88DE265C |
SHA-256: | 187FBCC1F1F9FB41971753E105DADADD7FB2FE4B312B92C8461FD6BD908E088B |
SHA-512: | B2FC5ADC0364BA0582EFE9FF889B713722AAFFBA1CC5B488D94B89D08C1C039A87A27C04136A8E6FDB070DEBA39982E031F8383A72406629C6EE06D278ED2B9B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9902130489122722 |
Encrypted: | false |
SSDEEP: | 48:8xdHTf/aHuidAKZdA1vehDiZUkwqehMy+R:8bDa2y |
MD5: | A3579A995630D300E4C297E956A70B4D |
SHA1: | 9F05C8E17D563909C50EBFB309A3D6174CA8C7C1 |
SHA-256: | AED0365522305334D74AA46F592519B86443FC35DEE7FA0A299DC3581ABC5CCF |
SHA-512: | BAF477FC1F542FD9A008AF987E3F481886240DC4C5C249EB6105CAE80799297778F9BCB8EB8D80A5C72C715701071F8403F5F0210736B5F642DD7E3419970DD5 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9797974247053545 |
Encrypted: | false |
SSDEEP: | 48:88dHTf/aHuidAKZdA1hehBiZUk1W1qehiy+C:8YDa9Cy |
MD5: | AF562A3EA204D84D3E037D65474F0F5E |
SHA1: | 1436D99F067C37F4029D88F2F29756B4BE8B5BDF |
SHA-256: | 386576E40FAA4BE2E101F753FF9D428492A67AB1D3622B0666BDB675E4E2A623 |
SHA-512: | 87E38A516997F0F0BF24B9AA94C03649C421001BF1444EF06521EFE3D836A3D3A5E26E360197D0780A2690E5D9DBC66510493A63D49346658C2B1845DFFB67F1 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.989547995769703 |
Encrypted: | false |
SSDEEP: | 48:8ydHTf/aHuidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbEy+yT+:8+DkT/TbxWOvTbEy7T |
MD5: | 20ACC212FC46FF021BC8193016DF5CA4 |
SHA1: | 4076A2AC61D071BE434D342BC7FD3B9A73FCA8FB |
SHA-256: | 46EDBD26C94DFC58BCA946EBC939DD3EC3802F43FEA61F20BBB27981BCF1BA86 |
SHA-512: | F0EF011D9C5A38049C9D301ECC60335EA70986E2B73CFCDCEF9BF63251E69DA9F4BF00A6EC89EF7EDDB7D9D14D7A28D3807515C95C99961610607D065BD25FA1 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 5.359404021844316 |
TrID: |
|
File name: | T8534770935.html |
File size: | 827 bytes |
MD5: | 6407743aed74a35f8e281f61364fd936 |
SHA1: | 919f554b0137d797b0a6f84ac011fb4f7c5e0ae5 |
SHA256: | b299b83838c9c0bef99499fca8e5024dbc8cfafdd4d859a10de859dd5678dea2 |
SHA512: | 310d0ae2a887db48da9fc7776c57f6a4046c48d936ea57d8adb446c981b03f00059cb0dcabfdec4eef3d85c26257b3ff738f1a5e8336072b8e0f2c8d1bf06d50 |
SSDEEP: | 12:TO0PoA1c0ASp6Qclfo21pDgqunpDv9MxikNVk2/hYGWtqBu2/hYF6HOs/1:bFsPbg791MxikNVk2/Gqw2/aW/1 |
TLSH: | 8B01F1A72046A8050631972499F472CCD691C80AE088BC54F35862DF9FF6769CC87455 |
File Content Preview: | <html>..<head> </head>..<body> ..<div id="in-page-channel-node-id" data-channel-name="in_page_channel_cnXeD0"> </div><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">..<link rel="icon" href="https://winaero.com/blog/wp-content/uploads/20 |
May 24, 2024 11:04:07.176577091 CEST | 61287 | 443 | 192.168.2.5 | 142.250.185.132 |
May 24, 2024 11:04:17.020401001 CEST | 443 | 61287 | 142.250.185.132 | 192.168.2.5 |
May 24, 2024 11:04:17.020464897 CEST | 443 | 61287 | 142.250.185.132 | 192.168.2.5 |
May 24, 2024 11:04:17.020596027 CEST | 61287 | 443 | 192.168.2.5 | 142.250.185.132 |
May 24, 2024 11:04:18.412736893 CEST | 61287 | 443 | 192.168.2.5 | 142.250.185.132 |
May 24, 2024 11:04:18.412775993 CEST | 443 | 61287 | 142.250.185.132 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 24, 2024 11:02:02.015485048 CEST | 53 | 55878 | 1.1.1.1 | 192.168.2.5 |
May 24, 2024 11:02:02.015552998 CEST | 53 | 60602 | 1.1.1.1 | 192.168.2.5 |
May 24, 2024 11:02:03.132308960 CEST | 53 | 64317 | 1.1.1.1 | 192.168.2.5 |
May 24, 2024 11:02:04.730165958 CEST | 53 | 55452 | 1.1.1.1 | 192.168.2.5 |
May 24, 2024 11:02:06.366262913 CEST | 62043 | 53 | 192.168.2.5 | 1.1.1.1 |
May 24, 2024 11:02:06.366408110 CEST | 58395 | 53 | 192.168.2.5 | 1.1.1.1 |
May 24, 2024 11:02:06.381851912 CEST | 53 | 58395 | 1.1.1.1 | 192.168.2.5 |
May 24, 2024 11:02:06.381861925 CEST | 53 | 62043 | 1.1.1.1 | 192.168.2.5 |
May 24, 2024 11:02:20.748459101 CEST | 53 | 52297 | 1.1.1.1 | 192.168.2.5 |
May 24, 2024 11:02:39.741393089 CEST | 53 | 61840 | 1.1.1.1 | 192.168.2.5 |
May 24, 2024 11:02:43.778745890 CEST | 53 | 63763 | 1.1.1.1 | 192.168.2.5 |
May 24, 2024 11:03:01.615375042 CEST | 53 | 50605 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 24, 2024 11:02:04.733437061 CEST | 192.168.2.5 | 1.1.1.1 | c233 | (Port unreachable) | Destination Unreachable |
May 24, 2024 11:03:01.615453959 CEST | 192.168.2.5 | 1.1.1.1 | c225 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 24, 2024 11:02:06.366262913 CEST | 192.168.2.5 | 1.1.1.1 | 0x9cb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
May 24, 2024 11:02:06.366408110 CEST | 192.168.2.5 | 1.1.1.1 | 0x55b6 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 24, 2024 11:02:06.381851912 CEST | 1.1.1.1 | 192.168.2.5 | 0x55b6 | No error (0) | | | | 65 | IN (0x0001) | false |
May 24, 2024 11:02:06.381861925 CEST | 1.1.1.1 | 192.168.2.5 | 0x9cb | No error (0) | | | 142.250.185.132 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49714 | 23.43.61.160 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 09:02:07 UTC | 161 | OUT | |
2024-05-24 09:02:07 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49715 | 23.43.61.160 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 09:02:08 UTC | 239 | OUT | |
2024-05-24 09:02:08 UTC | 535 | IN | |
2024-05-24 09:02:08 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49721 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 09:02:19 UTC | 306 | OUT | |
2024-05-24 09:02:19 UTC | 560 | IN | |
2024-05-24 09:02:19 UTC | 15824 | IN | |
2024-05-24 09:02:19 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 61283 | 52.165.165.26 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-24 09:02:57 UTC | 306 | OUT | |
2024-05-24 09:02:58 UTC | 560 | IN | |
2024-05-24 09:02:58 UTC | 15824 | IN | |
2024-05-24 09:02:58 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 05:01:57 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 05:02:00 |
Start date: | 24/05/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |