Windows
Analysis Report
https://ci3.googleusercontent.com/proxy/vOrPHt9ZJzDRYm5w1TXZnz7l43jh4ihTe_AydUfd1IsbrX4YTpTXDBugkh-cOnqla1vzxkTKQkv1PuRDwv8DhlwV-XbdJlhWq_QWeqMddpeVCV0=s0-d-e1-ft#https://www.docusign.net/member/Images/email/docInvite-white.png
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 2712 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 2632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1992,i,10469521829968939716,11271359470638938333,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- chrome.exe (PID: 1268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ci3.googleusercontent.com/proxy/vOrPHt9ZJzDRYm5w1TXZnz7l43jh4ihTe_AydUfd1IsbrX4YTpTXDBugkh-cOnqla1vzxkTKQkv1PuRDwv8DhlwV-XbdJlhWq_QWeqMddpeVCV0=s0-d-e1-ft#https://www.docusign.net/member/Images/email/docInvite-white.png" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
- mspaint.exe (PID: 280 cmdline: mspaint.exe "C:\Users\user\Desktop\" MD5: 986A191E95952C9E3FE6BE112FB92026)
- cleanup
There are no malicious signatures.
Signature | Rows |
---|---|
HTTPS traffic detected | 4 |
TCP traffic detected without corresponding DNS query | 50 |
HTTP traffic detected | 4 |
DNS traffic detected | 1 |
Network traffic detected | 20 |
HTTPS traffic detected | 4 |
File created | 2 |
Classification label | 1 |
File created | 1 |
Key opened | 1 |
Process created | 18 |
Section loaded | 17 |
LNK file | 6 |
File opened | 1 |
Window detected | 1 |
File created | 7 |
Process information set | 4 |
Process information queried | 1 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 64.233.177.106 | true | false | | high |
ci3.googleusercontent.com | 173.194.219.132 | true | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
64.233.177.106 | www.google.com | United States | 15169 | GOOGLEUS | false |
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
173.194.219.132 | ci3.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.10 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1426819 |
Start date and time: | 2024-04-16 17:04:03 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://ci3.googleusercontent.com/proxy/vOrPHt9ZJzDRYm5w1TXZnz7l43jh4ihTe_AydUfd1IsbrX4YTpTXDBugkh-cOnqla1vzxkTKQkv1PuRDwv8DhlwV-XbdJlhWq_QWeqMddpeVCV0=s0-d-e1-ft#https://www.docusign.net/member/Images/email/docInvite-white.png |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@18/12@4/4 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 172.253.124.94, 64.233.185.139, 64.233.185.101, 64.233.185.138, 64.233.185.100, 64.233.185.102, 64.233.185.113, 108.177.122.84, 34.104.35.123, 199.232.214.172
- Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2673 |
Entropy (8bit): | 3.9835398448231616 |
Encrypted: | false |
SSDEEP: | 48:8XObdYTsPHbidAKZdA1uehwiZUklqehQy+3:8XFQ+/y |
MD5: | C64FCE69A439320BCD821EC95AF39E12 |
SHA1: | 50BBDE0D4B10D1A00D8CAC7CCCEC87E4D9F11094 |
SHA-256: | F531A3AB26E7FB5E54FC7AC5E21F26C23BEA67F572B854BF1928E7CF04076DCD |
SHA-512: | E6675ADBA1D86EE03477C9E2B1FB2ECD14EB1D91EB30842C5804600E3B1039CFFBE9DA8711604B903BAFE5A25E848C7E327EF3053849AF71EFAA2453D0984B09 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2675 |
Entropy (8bit): | 4.001095851361349 |
Encrypted: | false |
SSDEEP: | 48:8IObdYTsPHbidAKZdA1Heh/iZUkAQkqehvy+2:8IFQo9QWy |
MD5: | 3672FD153D925CD097ED50AC7963F7C2 |
SHA1: | 5124F1F015170E8BCF92DF455D4DE1922E72733B |
SHA-256: | A45122AA81154F4E353B4F93F8A7E87AEADB00ED54932BD0DB002B43A0B91056 |
SHA-512: | 86807133D77A789BB3F17E30CEB73F84366305C9A18891C00DF731FCF568D6DD239E533FFC9BAFD47A5413DBB019B9F50DA838B3C18AC2F82DC74CF8BD31D075 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2689 |
Entropy (8bit): | 4.0106341410531305 |
Encrypted: | false |
SSDEEP: | 48:8FObdYTsbHbidAKZdA149eh7sFiZUkmgqeh7sdy+BX:8FFQ4nLy |
MD5: | F675D6ED3FE22DED7D397A60316F9C78 |
SHA1: | C71B11D4E5A2AB4949BB4F25FD65B5FB7F3E11DC |
SHA-256: | 9DAC957560E677D2E7DCFA174659A50E679B1B9A8D9C6D1F9E79F0D665AF5D00 |
SHA-512: | BD22A3BCEC1883AEAB3679548F4B123F60F325B0C7AEC1FBDF788414832E313A7A0E87ECDD5570A07E3B61CEB4538D65EFB2F259A56CF4FD99C2C283753BA561 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 4.000303490648458 |
Encrypted: | false |
SSDEEP: | 48:8OgObdYTsPHbidAKZdA14ehDiZUkwqehjy+R:8OgFQDVy |
MD5: | 6DDFE5BD6260762978E05C1319227B61 |
SHA1: | 8C1C945C7BC32808C0707E6C14F0ECB51383A40A |
SHA-256: | FA8478ED8EACDD1E346CFF57239691968AC3615797C264E6D136685BF096AF0C |
SHA-512: | 50726ABE20FA55D17F8C3F5B674F85103E16D99E85566AC036CA2EC77A3033344CD5E3CDB558E54F3DA3B6D41DB5890C1E897571AE1B345AACB646BEC70E4DA3 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.988020694062643 |
Encrypted: | false |
SSDEEP: | 48:8DObdYTsPHbidAKZdA1mehBiZUk1W1qehJy+C:8DFQD9py |
MD5: | C04555D3C6A50DA1005134D2287C13A9 |
SHA1: | C9DD9D5960A31CBF202882765A62712A7E5C9C85 |
SHA-256: | 1C70CA73F103C9B44005418A7B75B8FFB799870AB6472411CBA4ACD3757F946C |
SHA-512: | 62275A83A07F8ECE874AF50A24707DEFF185836FB2A7E7C1081FCB71DDC75888D84ED1DDABC587B54921FDE385DDBF5310BB30DDED7384F84FBFCDEB15B6C008 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.999619760169213 |
Encrypted: | false |
SSDEEP: | 48:8/ObdYTsPHbidAKZdA1duT1ehOuTbbiZUk5OjqehOuTbLy+yT+:8/FQCTyTbxWOvTbLy7T |
MD5: | 14667A563AD48DD634556A02E73D938C |
SHA1: | D8D92608889893E643EF8FA59432F67D70232DC6 |
SHA-256: | CA35458F1E99C94DB01CDBC707E5B91048C26F5F09694E38F4562ADB4903E743 |
SHA-512: | 2B093E9D39A16C4F345A05B6CF89F609D328266B8D320F32C05B88C476E68F432ED18AE642C9A5078BF3F4BF69CBC7C8819C8E38F698EABDFB4227B6D541C160 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1925 |
Entropy (8bit): | 7.859553757013881 |
Encrypted: | false |
SSDEEP: | 48:/UHwFblssMrHjRrwe5VA63skOQivyZVFXyfv8idLXLxlPc:/UHauswDRrwwDZVFXgdzvU |
MD5: | 83ADD2A64C54126FD886402941661F34 |
SHA1: | 22FD6C448E57A21E1EA153177FC165BB5080338F |
SHA-256: | 00F8F0AAC7306DD11ED5946FE1B15B89CAA8DA1AD56C3759DBA9A0D10D92BC48 |
SHA-512: | 8CCE5DC05AA95FCEDA99AEC2667FF8A74C01E81F725F3600AAC00380BC92AD03420EAFB45E187F33C72A400171D0DA06D0ACD351A9F62B248BC97C9036A3FDDF |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3074 |
Entropy (8bit): | 7.899576261848257 |
Encrypted: | false |
SSDEEP: | 48:/UHwFblssMrHjRrwe5VA63skOQivyZVFXyfv8idLXLxlPdqi2Y2vEntgWt9svB+1:/UHauswDRrwwDZVFXgdzvVq5cnavE5Sk |
MD5: | 71B489BDCF0E0B51DB7BD75716DDF547 |
SHA1: | A032452C5A4674B99A9AFB68A89F701E94E59A7C |
SHA-256: | 656A4F0589DBA0B5F4606F6AA73D970D5D108F8A09A91EEFB5E0ABD7881510E6 |
SHA-512: | 994152958EC2ACA5F8B33402A24378AC7A33A00DD78F1BC14E1593ADEE31BDEF279EFBD65BF6767D30B4200929E768F821F1AE8BA79169124774B09B63DC4218 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3074 |
Entropy (8bit): | 7.899576261848257 |
Encrypted: | false |
SSDEEP: | 48:/UHwFblssMrHjRrwe5VA63skOQivyZVFXyfv8idLXLxlPdqi2Y2vEntgWt9svB+1:/UHauswDRrwwDZVFXgdzvVq5cnavE5Sk |
MD5: | 71B489BDCF0E0B51DB7BD75716DDF547 |
SHA1: | A032452C5A4674B99A9AFB68A89F701E94E59A7C |
SHA-256: | 656A4F0589DBA0B5F4606F6AA73D970D5D108F8A09A91EEFB5E0ABD7881510E6 |
SHA-512: | 994152958EC2ACA5F8B33402A24378AC7A33A00DD78F1BC14E1593ADEE31BDEF279EFBD65BF6767D30B4200929E768F821F1AE8BA79169124774B09B63DC4218 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\mspaint.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1514 |
Entropy (8bit): | 5.2531949121692305 |
Encrypted: | false |
SSDEEP: | 24:0uSE3WF02k9YXCjWF0qXcUWF0kuquUWF0w3OZWF0HXd/bXE34E/Xd/TzElgNYxeT:0uSE3WSmXMWS4cUWSkuVUWSw3GWS3Rz4 |
MD5: | 713EDD3AE78664A5D6811CAA3E914C29 |
SHA1: | 7759663BE7B58BC50A711F933A232DDEC7AFF5AD |
SHA-256: | 7C1ACC5671C4F1802D12EFCB4FBED3C915A726EAE1732CCFD2B53EDC0DDC7431 |
SHA-512: | 466525A843180E3F8AC2A7C54B77A8DF32D93C65339D791EA3E7FB52D64798503B9D7F99224AD82964893A3BD5E77115DCE2AD827A9A86489A3917B59DF0040A |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3074 |
Entropy (8bit): | 7.899576261848257 |
Encrypted: | false |
SSDEEP: | 48:/UHwFblssMrHjRrwe5VA63skOQivyZVFXyfv8idLXLxlPdqi2Y2vEntgWt9svB+1:/UHauswDRrwwDZVFXgdzvVq5cnavE5Sk |
MD5: | 71B489BDCF0E0B51DB7BD75716DDF547 |
SHA1: | A032452C5A4674B99A9AFB68A89F701E94E59A7C |
SHA-256: | 656A4F0589DBA0B5F4606F6AA73D970D5D108F8A09A91EEFB5E0ABD7881510E6 |
SHA-512: | 994152958EC2ACA5F8B33402A24378AC7A33A00DD78F1BC14E1593ADEE31BDEF279EFBD65BF6767D30B4200929E768F821F1AE8BA79169124774B09B63DC4218 |
Malicious: | false |
Reputation: | low |
URL: | https://ci3.googleusercontent.com/proxy/vOrPHt9ZJzDRYm5w1TXZnz7l43jh4ihTe_AydUfd1IsbrX4YTpTXDBugkh-cOnqla1vzxkTKQkv1PuRDwv8DhlwV-XbdJlhWq_QWeqMddpeVCV0=s0-d-e1-ft |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 16, 2024 17:04:45.802387953 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Apr 16, 2024 17:04:46.114484072 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Apr 16, 2024 17:04:46.723880053 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Apr 16, 2024 17:04:46.895730019 CEST | 49674 | 443 | 192.168.2.10 | 173.222.162.55 |
Apr 16, 2024 17:04:46.895891905 CEST | 49675 | 443 | 192.168.2.10 | 173.222.162.55 |
Apr 16, 2024 17:04:47.927004099 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Apr 16, 2024 17:04:50.333245993 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Apr 16, 2024 17:04:53.903851986 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:53.903945923 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:53.904083014 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:53.904398918 CEST | 49708 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:53.904442072 CEST | 443 | 49708 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:53.904571056 CEST | 49708 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:53.904603958 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:53.904643059 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:53.904836893 CEST | 49708 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:53.904850960 CEST | 443 | 49708 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.071820021 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Apr 16, 2024 17:04:54.124974012 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.127300978 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.127325058 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.127861023 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.127927065 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.128563881 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.128626108 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.128631115 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.152677059 CEST | 443 | 49708 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.170696020 CEST | 49708 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.170720100 CEST | 443 | 49708 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.170840025 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.171236038 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.171251059 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.171344042 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.172239065 CEST | 443 | 49708 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.172317982 CEST | 49708 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.174720049 CEST | 443 | 49708 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.174788952 CEST | 49708 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.174794912 CEST | 443 | 49708 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.175323009 CEST | 49708 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.175502062 CEST | 443 | 49708 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.223876953 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.223903894 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.223944902 CEST | 49708 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.223961115 CEST | 443 | 49708 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.269737005 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.270140886 CEST | 49708 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.336056948 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.338406086 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.338608027 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.338630915 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.345441103 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.345501900 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.345643044 CEST | 49707 | 443 | 192.168.2.10 | 173.194.219.132 |
Apr 16, 2024 17:04:54.345664024 CEST | 443 | 49707 | 173.194.219.132 | 192.168.2.10 |
Apr 16, 2024 17:04:54.382378101 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Apr 16, 2024 17:04:54.990360975 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Apr 16, 2024 17:04:55.138380051 CEST | 49671 | 443 | 192.168.2.10 | 204.79.197.203 |
Apr 16, 2024 17:04:56.191447020 CEST | 49677 | 443 | 192.168.2.10 | 20.42.65.85 |
Apr 16, 2024 17:04:56.251362085 CEST | 49711 | 443 | 192.168.2.10 | 64.233.177.106 |
Apr 16, 2024 17:04:56.251410961 CEST | 443 | 49711 | 64.233.177.106 | 192.168.2.10 |
Apr 16, 2024 17:04:56.251476049 CEST | 49711 | 443 | 192.168.2.10 | 64.233.177.106 |
Apr 16, 2024 17:04:56.251708031 CEST | 49711 | 443 | 192.168.2.10 | 64.233.177.106 |
Apr 16, 2024 17:04:56.251720905 CEST | 443 | 49711 | 64.233.177.106 | 192.168.2.10 |
Apr 16, 2024 17:04:56.480948925 CEST | 443 | 49711 | 64.233.177.106 | 192.168.2.10 |
Apr 16, 2024 17:04:56.481940031 CEST | 49711 | 443 | 192.168.2.10 | 64.233.177.106 |
Apr 16, 2024 17:04:56.481966019 CEST | 443 | 49711 | 64.233.177.106 | 192.168.2.10 |
Apr 16, 2024 17:04:56.483161926 CEST | 443 | 49711 | 64.233.177.106 | 192.168.2.10 |
Apr 16, 2024 17:04:56.483241081 CEST | 49711 | 443 | 192.168.2.10 | 64.233.177.106 |
Apr 16, 2024 17:04:56.484460115 CEST | 49711 | 443 | 192.168.2.10 | 64.233.177.106 |
Apr 16, 2024 17:04:56.484524012 CEST | 443 | 49711 | 64.233.177.106 | 192.168.2.10 |
Apr 16, 2024 17:04:56.503971100 CEST | 49675 | 443 | 192.168.2.10 | 173.222.162.55 |
Apr 16, 2024 17:04:56.504046917 CEST | 49674 | 443 | 192.168.2.10 | 173.222.162.55 |
Apr 16, 2024 17:04:56.535191059 CEST | 49711 | 443 | 192.168.2.10 | 64.233.177.106 |
Apr 16, 2024 17:04:56.535207987 CEST | 443 | 49711 | 64.233.177.106 | 192.168.2.10 |
Apr 16, 2024 17:04:56.582068920 CEST | 49711 | 443 | 192.168.2.10 | 64.233.177.106 |
Apr 16, 2024 17:04:56.625458956 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:56.625499010 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:56.625633001 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:56.627561092 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:56.627573013 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:56.845195055 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:56.846117973 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:56.850116968 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:56.850127935 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:56.850344896 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:56.894840002 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:56.906723022 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:56.952120066 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:57.048479080 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:57.048541069 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:57.048672915 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:57.048691034 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:57.048717022 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:57.048717022 CEST | 49712 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:57.048722982 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:57.048731089 CEST | 443 | 49712 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:57.102675915 CEST | 49713 | 443 | 192.168.2.10 | 23.220.189.216 |
Apr 16, 2024 17:04:57.102718115 CEST | 443 | 49713 | 23.220.189.216 | 192.168.2.10 |
Apr 16, 2024 17:04:57.102794886 CEST | 49713 | 443 | 192.168.2.10 | 23.220.189.216 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 16, 2024 17:04:51.912719011 CEST | 53 | 55817 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:04:52.070602894 CEST | 53 | 52125 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:04:52.664072037 CEST | 53 | 58599 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:04:53.798609972 CEST | 65483 | 53 | 192.168.2.10 | 1.1.1.1 |
Apr 16, 2024 17:04:53.798731089 CEST | 64028 | 53 | 192.168.2.10 | 1.1.1.1 |
Apr 16, 2024 17:04:53.903115988 CEST | 53 | 65483 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:04:53.903143883 CEST | 53 | 64028 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:04:56.145489931 CEST | 57430 | 53 | 192.168.2.10 | 1.1.1.1 |
Apr 16, 2024 17:04:56.145895958 CEST | 59662 | 53 | 192.168.2.10 | 1.1.1.1 |
Apr 16, 2024 17:04:56.250263929 CEST | 53 | 57430 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:04:56.250282049 CEST | 53 | 59662 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:05:10.157068968 CEST | 53 | 55966 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:05:29.282234907 CEST | 53 | 51928 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:05:51.712378025 CEST | 53 | 54991 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:05:52.051589966 CEST | 53 | 60002 | 1.1.1.1 | 192.168.2.10 |
Apr 16, 2024 17:05:53.169306040 CEST | 138 | 138 | 192.168.2.10 | 192.168.2.255 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 16, 2024 17:04:53.798609972 CEST | 192.168.2.10 | 1.1.1.1 | 0x76f2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 17:04:53.798731089 CEST | 192.168.2.10 | 1.1.1.1 | 0xcd56 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 16, 2024 17:04:56.145489931 CEST | 192.168.2.10 | 1.1.1.1 | 0xba8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 17:04:56.145895958 CEST | 192.168.2.10 | 1.1.1.1 | 0x3eba | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 16, 2024 17:04:53.903115988 CEST | 1.1.1.1 | 192.168.2.10 | 0x76f2 | No error (0) | | | 173.194.219.132 | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 17:04:56.250263929 CEST | 1.1.1.1 | 192.168.2.10 | 0xba8 | No error (0) | | | 64.233.177.106 | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 17:04:56.250263929 CEST | 1.1.1.1 | 192.168.2.10 | 0xba8 | No error (0) | | | 64.233.177.99 | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 17:04:56.250263929 CEST | 1.1.1.1 | 192.168.2.10 | 0xba8 | No error (0) | | | 64.233.177.105 | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 17:04:56.250263929 CEST | 1.1.1.1 | 192.168.2.10 | 0xba8 | No error (0) | | | 64.233.177.103 | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 17:04:56.250263929 CEST | 1.1.1.1 | 192.168.2.10 | 0xba8 | No error (0) | | | 64.233.177.104 | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 17:04:56.250263929 CEST | 1.1.1.1 | 192.168.2.10 | 0xba8 | No error (0) | | | 64.233.177.147 | A (IP address) | IN (0x0001) | false |
Apr 16, 2024 17:04:56.250282049 CEST | 1.1.1.1 | 192.168.2.10 | 0x3eba | No error (0) | | | | 65 | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.10 | 49707 | 173.194.219.132 | 443 | 2632 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 15:04:54 UTC | 929 | OUT | |
2024-04-16 15:04:54 UTC | 585 | IN | |
2024-04-16 15:04:54 UTC | 670 | IN | |
2024-04-16 15:04:54 UTC | 1255 | IN | |
2024-04-16 15:04:54 UTC | 1149 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.10 | 49712 | 23.220.189.216 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 15:04:56 UTC | 161 | OUT | |
2024-04-16 15:04:57 UTC | 468 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.10 | 49713 | 23.220.189.216 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 15:04:57 UTC | 239 | OUT | |
2024-04-16 15:04:57 UTC | 535 | IN | |
2024-04-16 15:04:57 UTC | 55 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.10 | 49714 | 40.68.123.157 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 15:05:08 UTC | 306 | OUT | |
2024-04-16 15:05:08 UTC | 560 | IN | |
2024-04-16 15:05:08 UTC | 15824 | IN | |
2024-04-16 15:05:08 UTC | 8666 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.10 | 49718 | 40.68.123.157 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-16 15:05:45 UTC | 306 | OUT | |
2024-04-16 15:05:46 UTC | 560 | IN | |
2024-04-16 15:05:46 UTC | 15824 | IN | |
2024-04-16 15:05:46 UTC | 9633 | IN | |
Target ID: | 1 |
Start time: | 17:04:47 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c5c30000 |
File size: | 3'242'272 bytes |
MD5 hash: | 83395EAB5B03DEA9720F8D7AC0D15CAA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 17:04:50 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c5c30000 |
File size: | 3'242'272 bytes |
MD5 hash: | 83395EAB5B03DEA9720F8D7AC0D15CAA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 4 |
Start time: | 17:04:53 |
Start date: | 16/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c5c30000 |
File size: | 3'242'272 bytes |
MD5 hash: | 83395EAB5B03DEA9720F8D7AC0D15CAA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 17 |
Start time: | 17:06:09 |
Start date: | 16/04/2024 |
Path: | C:\Windows\SysWOW64\mspaint.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 743'424 bytes |
MD5 hash: | 986A191E95952C9E3FE6BE112FB92026 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |