Windows
Analysis Report
http://client-api.arkoselabs.com
Overview
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6976 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2564 --field-trial-handle=2532,i,1663464397611797074,18441567628792014833,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://client-api.arkoselabs.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Signature summary (rows per signature):
- HTTPS traffic detected: 6
- TCP traffic detected without corresponding DNS query: 33
- UDP traffic detected without corresponding DNS query: 6
- HTTP traffic detected: 1
- DNS traffic detected: 1
- Network traffic detected: 15
- Classification label: 1
- File created: 8
- Process created: 18
- LNK file: 6
- Window detected: 1
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 74.125.136.103 | true | false | | high |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |
client-api.arkoselabs.com | unknown | unknown | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
74.125.136.103 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1427206 |
Start date and time: | 2024-04-17 09:02:29 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://client-api.arkoselabs.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@18/6@6/3 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.15.94, 172.253.124.101, 172.253.124.113, 172.253.124.102, 172.253.124.100, 172.253.124.138, 172.253.124.139, 142.250.105.84, 34.104.35.123, 104.18.33.170, 172.64.154.86, 52.165.165.26, 199.232.214.172, 96.7.245.17, 96.7.245.89, 192.229.211.108, 20.166.126.56, 20.3.187.198, 40.68.123.157, 64.233.185.94, 13.85.23.86
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, client-api.arkoselabs.com.cdn.cloudflare.net, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9753364825878545 |
Encrypted: | false |
SSDEEP: | 48:82dJTRJoHyidAKZdA19ehwiZUklqehHy+3:8w/lcy |
MD5: | 8215E6B56D1F01C18B1C053C26D1031D |
SHA1: | 090A2651909059E2BC54375DCCD0AB6E5D6E1604 |
SHA-256: | B3C58EF3ABF44897C030DBAD9181A35CCC08DD6DA6FE2DAC3E35FBDE2795FA65 |
SHA-512: | 092D39FC5C79A2B624FDD295E6A5806FB8740D9C2F2DC6EC44C075CF329546BC487D1CA18896A9532C3AC385E8E719871F370E859A303B70DEFE28380C92A5F0 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.9924860020541977 |
Encrypted: | false |
SSDEEP: | 48:8BdJTRJoHyidAKZdA1weh/iZUkAQkqehMy+2:8V//9Q1y |
MD5: | 820C7682056CDC8D6814CA63692B0044 |
SHA1: | 1129F27E96C300490CB2B9742EA58EF66548C0E9 |
SHA-256: | C9D28A583A81B00D1106DA8BA78E35DEC6F5AF84FCB3E108E9E0240E5AC0A9D3 |
SHA-512: | 797FD6444E33746977DE67C893BAE2E0682952BF495CCE36946DA031B30E172A8AE8BBBA7B2B8AA970D3851016B92C9029D04A0AD110EE14C43DB3B73CBCE011 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.002135870404837 |
Encrypted: | false |
SSDEEP: | 48:8xqdJTRJsHyidAKZdA14tseh7sFiZUkmgqeh7sSy+BX:8xs/bngy |
MD5: | B00384486BD717F516CC543CD47B619F |
SHA1: | 4790B11D6CC72F931FA06FF37B59554DB2F7240B |
SHA-256: | D0598C87E812D4F2CE0CC6D1A4F1936FEA4BFF44F4A17DBD64C17B6F8B2D8699 |
SHA-512: | 5A1C86448ACE6CB0E7DE6607AF94FEE3AB0B8A5C6397DD3870DE1E6401984AACA8DD1DC5114972294431903A7557AA326378E8B3B70335A1EA3D97BBF631F85F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.991281899198532 |
Encrypted: | false |
SSDEEP: | 48:8cdJTRJoHyidAKZdA1vehDiZUkwqehoy+R:86/8ay |
MD5: | 51CB10B3D0CDDFEB409C2ED1140DEAD2 |
SHA1: | ED386EB56178E3638B2CAC3399A11CEC83A50A5F |
SHA-256: | C673C6B4EC2B8778DE0059145A35CDC62E18234D8739DBB082F2979F3ECF3C9B |
SHA-512: | 2860BC2E636EAC3413F89BEB94D61923DBB20BE7C6C6D5DA9F204F22A0719FF17A09EE544EAC124D1EF75301AC72CF59653B5BBF3F5537C228E6DCA43927BEDC |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.980537566229726 |
Encrypted: | false |
SSDEEP: | 48:87dJTRJoHyidAKZdA1hehBiZUk1W1qeh2y+C:8D/M9Wy |
MD5: | 2E8137CF0BAB98ACA4EB133AC659365D |
SHA1: | A0175D68D5D8423867AAF8B10C9F15F85AD27399 |
SHA-256: | C78E4D91B4F895E441F8EEF3387F02E9F6C59CB873F3756285A55CD26EFF14F7 |
SHA-512: | 9509AA435AF926367EF3277EA16266E6419D63853F958FF07C504BEC082DD7048E95ED4B5A699841496D5029B43AF63A8F192A84209C533CB77D21D097B56B5C |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9901762022944385 |
Encrypted: | false |
SSDEEP: | 48:8gdJTRJoHyidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbgy+yT+:82/iT/TbxWOvTbgy7T |
MD5: | 736D2356AF881BFA8A88FA45CF3CBC8E |
SHA1: | 4C8AF77A4A44509263EC9D91EEEDFEBDE504A0D5 |
SHA-256: | C7520834A441C349313C92B8AA06A254E42B2C25DABBB5849BC66A326D59C417 |
SHA-512: | 40D807401DEED49976692149311B29C3E3C9391BF671D761E9B6BD54FFF5BB38DBD93DFD7C4C1CCC26695FC5446772D9AF209DC5055FA2FF2F098A705FB3D84F |
Malicious: | false |
Reputation: | low |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 09:03:13.464766026 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:13.464766026 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:13.574143887 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:21.852154016 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:21.852169991 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:21.852237940 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:21.853671074 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:21.853684902 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:22.079335928 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:22.079580069 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:22.079591036 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:22.081260920 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:22.081340075 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:22.234087944 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:22.234261036 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:22.278064013 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:22.278073072 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:22.324939966 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:22.610172987 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:22.610253096 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:22.610373974 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:22.613895893 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:22.613930941 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:22.835432053 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:22.835525990 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:22.841300964 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:22.841329098 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:22.841598988 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:22.887439013 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:22.928415060 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:22.972121954 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.037070990 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.037230015 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.037283897 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.037283897 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.037355900 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.037395954 CEST | 49715 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.037414074 CEST | 443 | 49715 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.074937105 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:23.074934959 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:23.084588051 CEST | 49716 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.084630966 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.084701061 CEST | 49716 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.085021019 CEST | 49716 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.085041046 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.184333086 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:23.303983927 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.304122925 CEST | 49716 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.306252956 CEST | 49716 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.306262970 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.307025909 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.308412075 CEST | 49716 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.356117964 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.509747982 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.509941101 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.510045052 CEST | 49716 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.510688066 CEST | 49716 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.510688066 CEST | 49716 | 443 | 192.168.2.5 | 23.55.253.34 |
Apr 17, 2024 09:03:23.510732889 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:23.510744095 CEST | 443 | 49716 | 23.55.253.34 | 192.168.2.5 |
Apr 17, 2024 09:03:24.549076080 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 17, 2024 09:03:24.549190998 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:32.085180998 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:32.085268021 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:32.085336924 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:34.290775061 CEST | 49714 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:03:34.290793896 CEST | 443 | 49714 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:03:35.019304037 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:35.019449949 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:35.069638014 CEST | 49722 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:35.069683075 CEST | 443 | 49722 | 23.1.237.91 | 192.168.2.5 |
Apr 17, 2024 09:03:35.069755077 CEST | 49722 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:35.081830025 CEST | 49722 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:35.081851959 CEST | 443 | 49722 | 23.1.237.91 | 192.168.2.5 |
Apr 17, 2024 09:03:35.171426058 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 17, 2024 09:03:35.171446085 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 17, 2024 09:03:35.393666029 CEST | 443 | 49722 | 23.1.237.91 | 192.168.2.5 |
Apr 17, 2024 09:03:35.393745899 CEST | 49722 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:03:54.542013884 CEST | 443 | 49722 | 23.1.237.91 | 192.168.2.5 |
Apr 17, 2024 09:03:54.542093039 CEST | 49722 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 17, 2024 09:04:21.772092104 CEST | 49727 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:04:21.772152901 CEST | 443 | 49727 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:04:21.772236109 CEST | 49727 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:04:21.772914886 CEST | 49727 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:04:21.772934914 CEST | 443 | 49727 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:04:21.995291948 CEST | 443 | 49727 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:04:21.995748997 CEST | 49727 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:04:21.995780945 CEST | 443 | 49727 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:04:21.997092962 CEST | 443 | 49727 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:04:22.000488043 CEST | 49727 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:04:22.000705957 CEST | 443 | 49727 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:04:22.043014050 CEST | 49727 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:04:31.987649918 CEST | 443 | 49727 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:04:31.987745047 CEST | 443 | 49727 | 74.125.136.103 | 192.168.2.5 |
Apr 17, 2024 09:04:31.987926960 CEST | 49727 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:04:32.016494036 CEST | 49727 | 443 | 192.168.2.5 | 74.125.136.103 |
Apr 17, 2024 09:04:32.016525984 CEST | 443 | 49727 | 74.125.136.103 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 17, 2024 09:03:17.944047928 CEST | 53 | 62424 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:03:17.956334114 CEST | 53 | 59318 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:03:18.536720037 CEST | 53 | 50664 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:03:18.834316015 CEST | 51895 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 17, 2024 09:03:18.834635019 CEST | 50333 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 17, 2024 09:03:18.941121101 CEST | 53 | 50333 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:03:19.161722898 CEST | 57934 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 17, 2024 09:03:19.161835909 CEST | 63545 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 17, 2024 09:03:19.266182899 CEST | 53 | 63545 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:03:21.721952915 CEST | 52653 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 17, 2024 09:03:21.722888947 CEST | 52910 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 17, 2024 09:03:21.826385021 CEST | 53 | 52653 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:03:21.826910019 CEST | 53 | 52910 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:03:36.352730989 CEST | 53 | 49803 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:03:55.240212917 CEST | 53 | 60136 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:04:17.072196960 CEST | 53 | 54191 | 1.1.1.1 | 192.168.2.5 |
Apr 17, 2024 09:04:18.258810997 CEST | 53 | 64670 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 17, 2024 09:03:18.834316015 CEST | 192.168.2.5 | 1.1.1.1 | 0xf0ba | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:18.834635019 CEST | 192.168.2.5 | 1.1.1.1 | 0xe5ad | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |
Apr 17, 2024 09:03:19.161722898 CEST | 192.168.2.5 | 1.1.1.1 | 0x89 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:19.161835909 CEST | 192.168.2.5 | 1.1.1.1 | 0x1ccc | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |
Apr 17, 2024 09:03:21.721952915 CEST | 192.168.2.5 | 1.1.1.1 | 0xfe3d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:21.722888947 CEST | 192.168.2.5 | 1.1.1.1 | 0xaf77 | Standard query (0) | | 65 (HTTPS) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 17, 2024 09:03:18.941121101 CEST | 1.1.1.1 | 192.168.2.5 | 0xe5ad | No error (0) | | client-api.arkoselabs.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 17, 2024 09:03:18.941296101 CEST | 1.1.1.1 | 192.168.2.5 | 0xf0ba | No error (0) | | client-api.arkoselabs.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 17, 2024 09:03:19.266182899 CEST | 1.1.1.1 | 192.168.2.5 | 0x1ccc | No error (0) | | client-api.arkoselabs.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 17, 2024 09:03:19.266757011 CEST | 1.1.1.1 | 192.168.2.5 | 0x89 | No error (0) | | client-api.arkoselabs.com.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 17, 2024 09:03:21.826385021 CEST | 1.1.1.1 | 192.168.2.5 | 0xfe3d | No error (0) | | | 74.125.136.103 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:21.826385021 CEST | 1.1.1.1 | 192.168.2.5 | 0xfe3d | No error (0) | | | 74.125.136.105 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:21.826385021 CEST | 1.1.1.1 | 192.168.2.5 | 0xfe3d | No error (0) | | | 74.125.136.147 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:21.826385021 CEST | 1.1.1.1 | 192.168.2.5 | 0xfe3d | No error (0) | | | 74.125.136.104 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:21.826385021 CEST | 1.1.1.1 | 192.168.2.5 | 0xfe3d | No error (0) | | | 74.125.136.106 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:21.826385021 CEST | 1.1.1.1 | 192.168.2.5 | 0xfe3d | No error (0) | | | 74.125.136.99 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:21.826910019 CEST | 1.1.1.1 | 192.168.2.5 | 0xaf77 | No error (0) | | | | 65 (HTTPS) | IN (0x0001) | false |
Apr 17, 2024 09:03:34.722687006 CEST | 1.1.1.1 | 192.168.2.5 | 0x5b76 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 17, 2024 09:03:34.722687006 CEST | 1.1.1.1 | 192.168.2.5 | 0x5b76 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:03:47.870136023 CEST | 1.1.1.1 | 192.168.2.5 | 0xe4c5 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 17, 2024 09:03:47.870136023 CEST | 1.1.1.1 | 192.168.2.5 | 0xe4c5 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 17, 2024 09:04:10.337928057 CEST | 1.1.1.1 | 192.168.2.5 | 0x3da6 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 17, 2024 09:04:10.337928057 CEST | 1.1.1.1 | 192.168.2.5 | 0x3da6 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
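The two things worth checking in the network tables above are the "TCP traffic detected without corresponding DNS query" signature, which fires 33 times, and the fact that every answer for the sample domain is a CNAME to client-api.arkoselabs.com.cdn.cloudflare.net with no address record following it. The Python below is an added example, not part of the Joe Sandbox report or its tooling. It takes a transcribed subset of the TCP and DNS answer rows above, plus one constructed SSDP row (239.255.255.250 appears in the report's IP table but not in its TCP rows), uses the host labels from the report's domain table, and assumes the sandbox VM's 192.168.2.5 sits in a 192.168.2.0/24 local network. It flags 23.1.237.91 and 23.55.253.34, which never appear in a captured DNS answer, and it reports the arkoselabs CNAME as resolved to no address. Note from the analysis settings that client-api.arkoselabs.com.cdn.cloudflare.net was on the excluded-domain whitelist, so the tables hold no address record or flow for the sample URL itself, which is worth knowing before reading the CLEAN verdict as a statement about that host.

```python
"""Reproduce two checks from this report's network tables: outbound flows whose
destination never appeared in a DNS answer, and CNAME-only answers that carried
no address record. Added example; not Joe Sandbox code."""
from ipaddress import ip_address, ip_network

# Transcribed subset of the report's DNS answer table: (trans_id, type, rdata).
# Query names are not in the report rows; labels in comments come from its domain table.
DNS_ANSWERS = [
    ("0xe5ad", "CNAME", "client-api.arkoselabs.com.cdn.cloudflare.net"),  # client-api.arkoselabs.com
    ("0xf0ba", "CNAME", "client-api.arkoselabs.com.cdn.cloudflare.net"),
    ("0xfe3d", "A", "74.125.136.103"),  # www.google.com
    ("0xfe3d", "A", "74.125.136.105"),
    ("0xfe3d", "A", "74.125.136.147"),
    ("0x5b76", "CNAME", "fp2e7a.wpc.phicdn.net"),
    ("0x5b76", "A", "192.229.211.108"),
]

# Transcribed subset of the report's TCP table plus one constructed SSDP row:
# (timestamp, src_port, dst_port, src_ip, dst_ip)
FLOW_ROWS = [
    ("09:03:13.464766", 49675, 443, "192.168.2.5", "23.1.237.91"),
    ("09:03:20.000000", 50000, 1900, "192.168.2.5", "239.255.255.250"),  # constructed
    ("09:03:21.852154", 49714, 443, "192.168.2.5", "74.125.136.103"),
    ("09:03:21.852170", 443, 49714, "74.125.136.103", "192.168.2.5"),
    ("09:03:22.610173", 49715, 443, "192.168.2.5", "23.55.253.34"),
    ("09:03:23.084588", 49716, 443, "192.168.2.5", "23.55.253.34"),
    ("09:03:35.069638", 49722, 443, "192.168.2.5", "23.1.237.91"),
    ("09:04:21.772092", 49727, 443, "192.168.2.5", "74.125.136.103"),
]

# Assumed: the sandbox VM (192.168.2.5 in the report) lives in this /24.
LOCAL_NET = ip_network("192.168.2.0/24")


def resolved_addresses(answers):
    """IPs that some DNS answer in the capture actually returned."""
    return {rdata for _, rtype, rdata in answers if rtype in ("A", "AAAA")}


def outbound_flows(rows, local_net=LOCAL_NET):
    """Group rows sent from the local net into flows keyed by (dst_ip, dst_port),
    keeping the first timestamp and every client source port seen."""
    flows = {}
    for ts, sport, dport, sip, dip in rows:
        if ip_address(sip) in local_net and ip_address(dip) not in local_net:
            flow = flows.setdefault((dip, dport), {"first_seen": ts, "src_ports": set()})
            flow["src_ports"].add(sport)
    return flows


def flows_without_dns(rows, answers, local_net=LOCAL_NET):
    """Outbound flows whose destination never appeared in a DNS answer, as a sorted
    list of (dst_ip, dst_port, connection_count). Multicast and link-local targets
    (SSDP, LLMNR) are skipped: they are never resolved, so they would only add noise."""
    known = resolved_addresses(answers)
    flagged = []
    for (dip, dport), flow in outbound_flows(rows, local_net).items():
        addr = ip_address(dip)
        if addr.is_multicast or addr.is_link_local or dip in known:
            continue
        flagged.append((dip, dport, len(flow["src_ports"])))
    return sorted(flagged)


def unresolved_cname_targets(answers):
    """CNAME targets whose transaction carried no A/AAAA record: the capture saw
    the alias but never an address the client could connect to."""
    by_txid = {}
    for txid, rtype, rdata in answers:
        by_txid.setdefault(txid, []).append((rtype, rdata))
    targets = set()
    for records in by_txid.values():
        types = {rtype for rtype, _ in records}
        if "CNAME" in types and not types & {"A", "AAAA"}:
            targets.update(rdata for rtype, rdata in records if rtype == "CNAME")
    return sorted(targets)


if __name__ == "__main__":
    for dip, dport, n in flows_without_dns(FLOW_ROWS, DNS_ANSWERS):
        print(f"no DNS answer for {dip}:{dport} ({n} connections)")
    for name in unresolved_cname_targets(DNS_ANSWERS):
        print(f"CNAME only, no address record in capture: {name}")
```

Correlating by transaction ID rather than by name is deliberate: the report rows here carry no query name, and a CNAME chain answered in the same transaction as its A records is the normal case, so a transaction with a CNAME and nothing else is the anomaly to surface.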
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49715 | 23.55.253.34 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 07:03:22 UTC | 161 | OUT | |
2024-04-17 07:03:23 UTC | 467 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49716 | 23.55.253.34 | 443 | | |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-17 07:03:23 UTC | 239 | OUT | |
2024-04-17 07:03:23 UTC | 530 | IN | |
2024-04-17 07:03:23 UTC | 55 | IN | |
Target ID: | 0 |
Start time: | 09:03:13 |
Start date: | 17/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 09:03:15 |
Start date: | 17/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 09:03:17 |
Start date: | 17/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |