Windows
Analysis Report
index[1].htm
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 2504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\index[1].htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2216,i,14181805309790577498,10484887524366611747,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Phishing |
---|
Source: | HTTP Parser: | 2 entries |
Source: | HTTPS traffic detected: | 4 entries |
Source: | IP Address: | 1 entry |
Source: | JA3 fingerprint: | 1 entry |
Source: | TCP traffic detected without corresponding DNS query: | 50 entries |
Source: | HTTP traffic detected: | 3 entries |
Source: | DNS traffic detected: | 1 entry |
Source: | Network traffic detected: | 14 entries |
Source: | HTTPS traffic detected: | 4 entries |
Source: | Classification label: | 1 entry |
Source: | Process created: | 24 entries |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Virustotal | | Browse |

Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 142.251.16.147 | true | false | | high |

Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | false | | low |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
142.251.16.147 | www.google.com | United States | | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417515 |
Start date and time: | 2024-03-29 14:30:01 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowshtmlcookbook.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | index[1].htm |
Detection: | MAL |
Classification: | mal48.phis.winHTM@24/0@2/3 |
EGA Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.253.115.94, 142.251.167.84, 142.251.163.102, 142.251.163.101, 142.251.163.139, 142.251.163.113, 142.251.163.100, 142.251.163.138, 34.104.35.123, 142.250.31.95, 172.253.122.95, 172.253.63.95, 142.251.111.95, 142.251.167.95, 142.251.179.95, 142.251.16.95, 142.251.163.95, 172.253.62.95, 172.253.115.95, 23.207.202.26, 192.229.211.108, 142.251.179.94, 172.253.62.100, 172.253.62.102, 172.253.62.138, 172.253.62.113, 172.253.62.101, 172.253.62.139
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, optimizationguide-pa.googleapis.com
- Not all processes were analyzed; report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Phisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Unknown | Browse | |

Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Phisher | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Remcos, GuLoader | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | HTMLPhisher | Browse | |
| | | Get hash | malicious | TechSupportScam | Browse | |
File type: | |
Entropy (8bit): | 4.85369445543576 |
TrID: | |
File name: | index[1].htm |
File size: | 2'816 bytes |
MD5: | 8887bb9806cfb1dac527e3f50b8b985a |
SHA1: | 11ccadb4c1dcef6b0a352e5526e5c7fa9fa397fc |
SHA256: | 21530b3b9f3bf791881d8c0c4ce69c0e695f10545046e092e5b19391644de498 |
SHA512: | fbc2884fbf119d7beb1bb1d21f6156d47a999d33ed4582c9e6f1a502e1fbd74cf56ae2b46ccd990412a71dfe73990ba00b68e12d7bcf23e212f8bffe4c34ccaf |
SSDEEP: | 48:tmoaqKgKs5pHKh8dnts+fnUeQ0sLtvmT1IVFraQUEzGCO:7rl1YojpE86Vlaku |
TLSH: | E3510CAB184594A646706338CF61F15DFBFA22532244AA50B84D91062FF1F25E3F3FE8 |
File Content Preview: | <!DOCTYPE html>..<html lang="en">....<head>.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.. <meta name="theme-color" content="#000000">.. <meta http-equiv="X-UA-Compatible" content="I |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2024 14:30:43.769257069 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Mar 29, 2024 14:30:43.800520897 CET | 49678 | 443 | 192.168.2.4 | 104.46.162.224 |
Mar 29, 2024 14:30:53.377053022 CET | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Mar 29, 2024 14:30:54.314989090 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:30:54.315012932 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:30:54.315078020 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:30:54.315392971 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:30:54.315402985 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:30:54.545037031 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:30:54.545408964 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:30:54.545424938 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:30:54.546461105 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:30:54.546612978 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:30:54.547878027 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:30:54.547946930 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:30:54.597352982 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:30:54.597367048 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:30:54.644237041 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:30:56.025269032 CET | 49738 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.025311947 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.025532007 CET | 49738 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.027757883 CET | 49738 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.027770042 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.555613041 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.555779934 CET | 49738 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.558074951 CET | 49738 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.558084011 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.558306932 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.595824003 CET | 49738 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.640245914 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.871395111 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.871462107 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.871510983 CET | 49738 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.871633053 CET | 49738 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.871654034 CET | 49738 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.871654034 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.871659994 CET | 443 | 49738 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.899104118 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.899133921 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:56.899204016 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.899455070 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:56.899462938 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:57.222012997 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:57.222088099 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:57.229935884 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:57.229942083 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:57.230160952 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:57.233088970 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:57.280231953 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:57.546776056 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:57.546897888 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:57.546963930 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:57.551693916 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:57.551707029 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:30:57.551727057 CET | 49739 | 443 | 192.168.2.4 | 23.56.8.114 |
Mar 29, 2024 14:30:57.551733017 CET | 443 | 49739 | 23.56.8.114 | 192.168.2.4 |
Mar 29, 2024 14:31:04.538224936 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:31:04.538290977 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:31:04.538374901 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:31:05.718166113 CET | 49737 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:31:05.718185902 CET | 443 | 49737 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:31:05.769829988 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:05.769860983 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:05.769923925 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:05.775157928 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:05.775171041 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.089489937 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.089699984 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:06.095873117 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:06.095896006 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.096146107 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.143903017 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:06.667290926 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:06.712233067 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.868885994 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.868906021 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.868913889 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.868923903 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.868942976 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.868958950 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:06.868966103 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.868999004 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:06.869029999 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:06.869430065 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.869498014 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:06.869513988 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:06.869565010 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:07.160809040 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:07.160824060 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:07.160856962 CET | 49744 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:07.160862923 CET | 443 | 49744 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:43.958280087 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:43.958336115 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:43.958493948 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:43.959955931 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:43.959973097 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.270243883 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.270539045 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:44.274842978 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:44.274861097 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.275068045 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.287980080 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:44.328243971 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.570997000 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.571021080 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.571033955 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.571173906 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:44.571196079 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.571322918 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:44.671659946 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.671696901 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.671734095 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:44.671777010 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:44.671894073 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:44.671894073 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:44.671977043 CET | 49752 | 443 | 192.168.2.4 | 20.12.23.50 |
Mar 29, 2024 14:31:44.672003984 CET | 443 | 49752 | 20.12.23.50 | 192.168.2.4 |
Mar 29, 2024 14:31:54.291404963 CET | 49754 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:31:54.291440010 CET | 443 | 49754 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:31:54.291657925 CET | 49754 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:31:54.291954041 CET | 49754 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:31:54.291974068 CET | 443 | 49754 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:31:54.541938066 CET | 443 | 49754 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:31:54.579430103 CET | 49754 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:31:54.579453945 CET | 443 | 49754 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:31:54.579828024 CET | 443 | 49754 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:31:54.580281973 CET | 49754 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:31:54.580358982 CET | 443 | 49754 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:31:54.627248049 CET | 49754 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:32:02.752552032 CET | 49724 | 80 | 192.168.2.4 | 23.207.202.29 |
Mar 29, 2024 14:32:02.752573967 CET | 49723 | 80 | 192.168.2.4 | 23.207.202.29 |
Mar 29, 2024 14:32:02.849489927 CET | 80 | 49724 | 23.207.202.29 | 192.168.2.4 |
Mar 29, 2024 14:32:02.849510908 CET | 80 | 49723 | 23.207.202.29 | 192.168.2.4 |
Mar 29, 2024 14:32:02.849562883 CET | 49723 | 80 | 192.168.2.4 | 23.207.202.29 |
Mar 29, 2024 14:32:02.849575043 CET | 49724 | 80 | 192.168.2.4 | 23.207.202.29 |
Mar 29, 2024 14:32:04.567116976 CET | 443 | 49754 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:32:04.567177057 CET | 443 | 49754 | 142.251.16.147 | 192.168.2.4 |
Mar 29, 2024 14:32:04.567329884 CET | 49754 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:32:05.504980087 CET | 49754 | 443 | 192.168.2.4 | 142.251.16.147 |
Mar 29, 2024 14:32:05.505012989 CET | 443 | 49754 | 142.251.16.147 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2024 14:30:51.171111107 CET | 53 | 58643 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:30:51.189502001 CET | 53 | 58488 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:30:51.957073927 CET | 53 | 62724 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:30:54.211457968 CET | 56267 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 29, 2024 14:30:54.211637974 CET | 54213 | 53 | 192.168.2.4 | 1.1.1.1 |
Mar 29, 2024 14:30:54.312774897 CET | 53 | 54213 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:30:54.312793016 CET | 53 | 56267 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:31:03.508099079 CET | 53 | 62043 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:31:09.038469076 CET | 53 | 51489 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:31:14.336827040 CET | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Mar 29, 2024 14:31:28.199877024 CET | 53 | 57313 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:31:51.404030085 CET | 53 | 58179 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:31:51.411396980 CET | 53 | 58099 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:32:18.851865053 CET | 53 | 65519 | 1.1.1.1 | 192.168.2.4 |
Mar 29, 2024 14:33:03.748547077 CET | 53 | 65456 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 29, 2024 14:30:54.211457968 CET | 192.168.2.4 | 1.1.1.1 | 0x8fc9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 14:30:54.211637974 CET | 192.168.2.4 | 1.1.1.1 | 0x7cf | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 29, 2024 14:30:54.312774897 CET | 1.1.1.1 | 192.168.2.4 | 0x7cf | No error (0) | | | | 65 | IN (0x0001) | false |
Mar 29, 2024 14:30:54.312793016 CET | 1.1.1.1 | 192.168.2.4 | 0x8fc9 | No error (0) | | | 142.251.16.147 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 14:30:54.312793016 CET | 1.1.1.1 | 192.168.2.4 | 0x8fc9 | No error (0) | | | 142.251.16.99 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 14:30:54.312793016 CET | 1.1.1.1 | 192.168.2.4 | 0x8fc9 | No error (0) | | | 142.251.16.105 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 14:30:54.312793016 CET | 1.1.1.1 | 192.168.2.4 | 0x8fc9 | No error (0) | | | 142.251.16.104 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 14:30:54.312793016 CET | 1.1.1.1 | 192.168.2.4 | 0x8fc9 | No error (0) | | | 142.251.16.103 | A (IP address) | IN (0x0001) | false |
Mar 29, 2024 14:30:54.312793016 CET | 1.1.1.1 | 192.168.2.4 | 0x8fc9 | No error (0) | | | 142.251.16.106 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49738 | 23.56.8.114 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 13:30:56 UTC | 161 | OUT | |
2024-03-29 13:30:56 UTC | 468 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49739 | 23.56.8.114 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 13:30:57 UTC | 239 | OUT | |
2024-03-29 13:30:57 UTC | 531 | IN | |
2024-03-29 13:30:57 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49744 | 20.12.23.50 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 13:31:06 UTC | 306 | OUT | |
2024-03-29 13:31:06 UTC | 560 | IN | |
2024-03-29 13:31:06 UTC | 15824 | IN | |
2024-03-29 13:31:06 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49752 | 20.12.23.50 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-29 13:31:44 UTC | 306 | OUT | |
2024-03-29 13:31:44 UTC | 560 | IN | |
2024-03-29 13:31:44 UTC | 15824 | IN | |
2024-03-29 13:31:44 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 14:30:45 |
Start date: | 29/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 14:30:49 |
Start date: | 29/03/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |