Windows
Analysis Report
Http://myou.cvte.com
Overview
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w7x64
- chrome.exe (PID: 3048 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 2144 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1452 --field-trial-handle=1160,i,12612016017974433033,9336671055418106086,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 1076 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "Http://myou.cvte.com" MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- cleanup
There are no malicious signatures.
Signature | Occurrences |
---|---|
Directory created | 6 |
Memory has grown | 1 |
HTTP traffic detected | 3 |
DNS traffic detected | 1 |
Network traffic detected | 4 |
Classification label | 1 |
File created | 1 |
Process created | 18 |
Window detected | 1 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Extra Window Memory Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
| | 0% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
myou.cvtalk.cn | 150.158.217.53 | true | false | | unknown |
www.google.com | 142.251.167.106 | true | false | | high |
myou.cvte.com | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | false | | high |
| | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
1.15.161.159 | unknown | China | 13335 | CLOUDFLARENETUS | false |
150.158.217.53 | myou.cvtalk.cn | China | 45090 | CNNIC-TENCENT-NET-APShenzhenTencentComputerSystemsCompa | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
142.251.167.106 | www.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417430 |
Start date and time: | 2024-03-29 09:32:00 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | Http://myou.cvte.com |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 3 |
Number of new started drivers analysed: | 2 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@18/0@6/4 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): vga.dll
- Excluded IPs from analysis (whitelisted): 142.251.163.94, 172.253.122.84, 142.251.167.101, 142.251.167.102, 142.251.167.113, 142.251.167.139, 142.251.167.100, 142.251.167.138, 34.104.35.123, 172.253.63.94
- Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2024 09:32:50.365995884 CET | 49167 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:32:50.366699934 CET | 49168 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:32:50.544190884 CET | 49169 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:32:50.663268089 CET | 80 | 49167 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:32:50.663360119 CET | 49167 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:32:50.663657904 CET | 49167 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:32:50.672545910 CET | 80 | 49168 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:32:50.672611952 CET | 49168 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:32:50.844058990 CET | 80 | 49169 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:32:50.844187975 CET | 49169 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:32:50.960777998 CET | 80 | 49167 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:32:50.961133003 CET | 80 | 49167 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:32:50.999094963 CET | 49167 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:32:51.297394991 CET | 80 | 49167 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:32:51.500921965 CET | 49167 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:32:51.519208908 CET | 49170 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:32:51.583755016 CET | 49171 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:32:51.824727058 CET | 80 | 49170 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:32:51.824789047 CET | 49170 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:32:51.825340033 CET | 49170 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:32:51.893042088 CET | 80 | 49171 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:32:51.893098116 CET | 49171 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:32:52.115739107 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:32:52.115770102 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:32:52.115823984 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:32:52.117856979 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:32:52.117872000 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:32:52.130072117 CET | 80 | 49170 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:32:52.130929947 CET | 80 | 49170 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:32:52.351322889 CET | 49170 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:32:52.394253016 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:32:52.600238085 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:32:52.600356102 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:32:52.696916103 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:32:52.696923018 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:32:52.698374033 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:32:52.698431015 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:32:52.728022099 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:32:52.728152990 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:32:52.936238050 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:32:52.936295033 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:33:02.401947975 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:02.402023077 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:02.402071953 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:33:03.838752031 CET | 49172 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:33:03.838803053 CET | 443 | 49172 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:35.721438885 CET | 49168 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:33:35.865941048 CET | 49169 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:33:36.027090073 CET | 80 | 49168 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:36.166083097 CET | 80 | 49169 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:36.305784941 CET | 49167 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:33:36.603082895 CET | 80 | 49167 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:36.911010981 CET | 49171 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:33:37.129431009 CET | 49170 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:33:37.218303919 CET | 80 | 49171 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:33:37.434565067 CET | 80 | 49170 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:33:50.978806019 CET | 80 | 49168 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:50.978821039 CET | 80 | 49168 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:50.978862047 CET | 49168 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:33:51.143179893 CET | 80 | 49169 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:51.143241882 CET | 49169 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:33:51.284238100 CET | 80 | 49168 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:51.297460079 CET | 80 | 49167 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:51.297493935 CET | 80 | 49167 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:51.297513962 CET | 49167 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:33:51.594711065 CET | 80 | 49167 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:51.839256048 CET | 49169 | 80 | 192.168.2.22 | 150.158.217.53 |
Mar 29, 2024 09:33:52.025099993 CET | 49174 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:33:52.025103092 CET | 49171 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:33:52.025132895 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:52.025285959 CET | 49174 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:33:52.025449038 CET | 49174 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:33:52.025460005 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:52.131623983 CET | 80 | 49170 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:33:52.131810904 CET | 49170 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:33:52.138860941 CET | 80 | 49169 | 150.158.217.53 | 192.168.2.22 |
Mar 29, 2024 09:33:52.201797009 CET | 80 | 49171 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:33:52.201862097 CET | 49171 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:33:52.296603918 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:52.296880007 CET | 49174 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:33:52.296891928 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:52.297180891 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:52.297533035 CET | 49174 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:33:52.297590017 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:52.332089901 CET | 80 | 49171 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:33:52.504240036 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:33:52.504302979 CET | 49174 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:33:53.844909906 CET | 49170 | 80 | 192.168.2.22 | 1.15.161.159 |
Mar 29, 2024 09:33:54.149777889 CET | 80 | 49170 | 1.15.161.159 | 192.168.2.22 |
Mar 29, 2024 09:34:02.347893000 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:34:02.347951889 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Mar 29, 2024 09:34:02.348006010 CET | 49174 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:34:03.861541033 CET | 49174 | 443 | 192.168.2.22 | 142.251.167.106 |
Mar 29, 2024 09:34:03.861565113 CET | 443 | 49174 | 142.251.167.106 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2024 09:32:47.547105074 CET | 53 | 54821 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:32:47.795424938 CET | 53 | 49881 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:32:48.633658886 CET | 53 | 62672 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:32:50.022638083 CET | 54842 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 29, 2024 09:32:50.026757956 CET | 58105 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 29, 2024 09:32:50.329505920 CET | 53 | 54842 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:32:50.365504980 CET | 53 | 58105 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:32:51.303806067 CET | 57390 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 29, 2024 09:32:51.307162046 CET | 58095 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 29, 2024 09:32:51.478758097 CET | 53 | 57390 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:32:51.729151964 CET | 53 | 58095 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:32:51.972449064 CET | 60507 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 29, 2024 09:32:51.972968102 CET | 50446 | 53 | 192.168.2.22 | 8.8.8.8 |
Mar 29, 2024 09:32:52.078120947 CET | 53 | 60507 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:32:52.104429960 CET | 53 | 50446 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:33:05.692614079 CET | 53 | 61826 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:33:12.714546919 CET | 53 | 56345 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:33:23.523714066 CET | 53 | 56207 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:33:41.562715054 CET | 53 | 49478 | 8.8.8.8 | 192.168.2.22 |
Mar 29, 2024 09:33:47.432310104 CET | 53 | 54615 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Mar 29, 2024 09:32:51.729221106 CET | 192.168.2.22 | 8.8.8.8 | d062 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 29, 2024 09:32:50.022638083 CET | 192.168.2.22 | 8.8.8.8 | 0x34c0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:50.026757956 CET | 192.168.2.22 | 8.8.8.8 | 0x8f21 | Standard query (0) | | 65 | IN (0x0001) | false |
Mar 29, 2024 09:32:51.303806067 CET | 192.168.2.22 | 8.8.8.8 | 0x83e5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:51.307162046 CET | 192.168.2.22 | 8.8.8.8 | 0x142a | Standard query (0) | | 65 | IN (0x0001) | false |
Mar 29, 2024 09:32:51.972449064 CET | 192.168.2.22 | 8.8.8.8 | 0x9cad | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:51.972968102 CET | 192.168.2.22 | 8.8.8.8 | 0xdf15 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 29, 2024 09:32:50.329505920 CET | 8.8.8.8 | 192.168.2.22 | 0x34c0 | No error (0) | | myou.cvtalk.cn | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 29, 2024 09:32:50.329505920 CET | 8.8.8.8 | 192.168.2.22 | 0x34c0 | No error (0) | | | 150.158.217.53 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:50.329505920 CET | 8.8.8.8 | 192.168.2.22 | 0x34c0 | No error (0) | | | 42.192.255.173 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:50.329505920 CET | 8.8.8.8 | 192.168.2.22 | 0x34c0 | No error (0) | | | 1.15.161.159 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:50.365504980 CET | 8.8.8.8 | 192.168.2.22 | 0x8f21 | No error (0) | | myou.cvtalk.cn | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 29, 2024 09:32:51.478758097 CET | 8.8.8.8 | 192.168.2.22 | 0x83e5 | No error (0) | | myou.cvtalk.cn | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 29, 2024 09:32:51.478758097 CET | 8.8.8.8 | 192.168.2.22 | 0x83e5 | No error (0) | | | 1.15.161.159 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:51.478758097 CET | 8.8.8.8 | 192.168.2.22 | 0x83e5 | No error (0) | | | 150.158.217.53 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:51.478758097 CET | 8.8.8.8 | 192.168.2.22 | 0x83e5 | No error (0) | | | 42.192.255.173 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:51.729151964 CET | 8.8.8.8 | 192.168.2.22 | 0x142a | No error (0) | | myou.cvtalk.cn | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 29, 2024 09:32:52.078120947 CET | 8.8.8.8 | 192.168.2.22 | 0x9cad | No error (0) | | | 142.251.167.106 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:52.078120947 CET | 8.8.8.8 | 192.168.2.22 | 0x9cad | No error (0) | | | 142.251.167.147 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:52.078120947 CET | 8.8.8.8 | 192.168.2.22 | 0x9cad | No error (0) | | | 142.251.167.105 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:52.078120947 CET | 8.8.8.8 | 192.168.2.22 | 0x9cad | No error (0) | | | 142.251.167.104 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:52.078120947 CET | 8.8.8.8 | 192.168.2.22 | 0x9cad | No error (0) | | | 142.251.167.99 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:52.078120947 CET | 8.8.8.8 | 192.168.2.22 | 0x9cad | No error (0) | | | 142.251.167.103 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 09:32:52.104429960 CET | 8.8.8.8 | 192.168.2.22 | 0xdf15 | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49167 | 150.158.217.53 | 80 | 2144 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 29, 2024 09:32:50.663657904 CET | 428 | OUT | |
Mar 29, 2024 09:32:50.961133003 CET | 145 | IN | |
Mar 29, 2024 09:32:50.999094963 CET | 370 | OUT | |
Mar 29, 2024 09:32:51.297394991 CET | 141 | IN | |
Mar 29, 2024 09:33:36.305784941 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49170 | 1.15.161.159 | 80 | 2144 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 29, 2024 09:32:51.825340033 CET | 277 | OUT | |
Mar 29, 2024 09:32:52.130929947 CET | 141 | IN | |
Mar 29, 2024 09:33:37.129431009 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.22 | 49168 | 150.158.217.53 | 80 | 2144 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 29, 2024 09:33:35.721438885 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.22 | 49169 | 150.158.217.53 | 80 | 2144 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 29, 2024 09:33:35.865941048 CET | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.22 | 49171 | 1.15.161.159 | 80 | 2144 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 29, 2024 09:33:36.911010981 CET | 6 | OUT |
Target ID: | 0 |
Start time: | 09:32:45 |
Start date: | 29/03/2024 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f990000 |
File size: | 3'151'128 bytes |
MD5 hash: | FFA2B8E17F645BCC20F0E0201FEF83ED |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 09:32:46 |
Start date: | 29/03/2024 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f990000 |
File size: | 3'151'128 bytes |
MD5 hash: | FFA2B8E17F645BCC20F0E0201FEF83ED |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 09:32:49 |
Start date: | 29/03/2024 |
Path: | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f990000 |
File size: | 3'151'128 bytes |
MD5 hash: | FFA2B8E17F645BCC20F0E0201FEF83ED |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |