Windows
Analysis Report
https://ehonvsjdptmlbpkz.com/Xapz
Overview
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 7100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5376 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2000,i,7043093200777024510,13165409224887509873,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5856 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://ehonvsjdptmlbpkz.com/Xapz" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
- HTTPS traffic detected (4 entries)
- TCP traffic detected without corresponding DNS query (37 entries)
- UDP traffic detected without corresponding DNS query (4 entries)
- HTTP traffic detected (2 entries)
- DNS traffic detected (1 entry)
- HTTP traffic detected (1 entry)
- Network traffic detected (19 entries)
- HTTPS traffic detected (2 entries)
- Classification label (1 entry)
- File created (1 entry)
- Process created (20 entries)
- LNK file (6 entries)
- Window detected (1 entry)
- File created (7 entries)
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ehonvsjdptmlbpkz.com | 43.130.239.48 | true | false | unknown | |
www.google.com | 64.233.176.147 | true | false | high | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
43.130.239.48 | ehonvsjdptmlbpkz.com | Japan | 4249 | LILLY-ASUS | false |
64.233.176.147 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
127.0.0.1 |
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428451 |
Start date and time: | 2024-04-19 00:06:31 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://ehonvsjdptmlbpkz.com/Xapz |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@20/6@4/5 |
EGA Information: | Failed |
HCA Information: |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.105.94, 172.217.215.113, 172.217.215.100, 172.217.215.102, 172.217.215.138, 172.217.215.101, 172.217.215.139, 74.125.138.84, 34.104.35.123, 20.12.23.50, 199.232.210.172, 72.21.81.240, 192.229.211.108, 13.85.23.206, 20.3.187.198, 64.233.185.94
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, wu.ec.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: https://ehonvsjdptmlbpkz.com/Xapz
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.9846948441148924 |
Encrypted: | false |
SSDEEP: | 48:8Ld1TdVRHEidAKZdA19ehwiZUklqeh+y+3:8f/E9y |
MD5: | DA6703DD2281588A40C4F3D4B1D2747C |
SHA1: | EFFB887CE7E84999DA8D1A8C51D5EB6A4EA854BC |
SHA-256: | 20C71705CEB49229668BD2853CF1425EBAE7651C1F48D39455BA11B418969484 |
SHA-512: | B604442547E022412E81FE9544FE173B28741B339B998A7144A570497E1D590AE39D7D74112157EB37B738023E8D2DCA86F4BFFB165418A7C5C13D00185D4242 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.0002596837147095 |
Encrypted: | false |
SSDEEP: | 48:8Udd1TdVRHEidAKZdA1weh/iZUkAQkqehty+2:8Ul/29QAy |
MD5: | 817B517791733659D62E38524149D0D3 |
SHA1: | D5DA30D62EE84A91B15245B8288ED4092C777659 |
SHA-256: | CBE5FD70E42FB2A91E04FF4CB5F71704F7A0BC856B0CA96D9A2C5958E8D9337A |
SHA-512: | F570E3571FF17D918E3147866E6473ADB00E7DD5B07F09BEC9D012BAA37ACA987C6974D5B183EBC0102806E1D8E7AEE579A6C9DF41B4D8D30C4D11D61C862106 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.0097061478011 |
Encrypted: | false |
SSDEEP: | 48:8xOd1TdVsHEidAKZdA14tseh7sFiZUkmgqeh7sHy+BX:8xc/VnBy |
MD5: | DA71EACCD14328FD88918D9B67A5E69F |
SHA1: | 0374E43B6D06A6B065671127DC9798AEEA6BD40E |
SHA-256: | 3CAB108F90CD96B856D7ACFFC926DFB3E35FC0C93C6F8D79219723A68714DDDD |
SHA-512: | FF094BE4C512F8EF04BFCF94BE2C494B1CCDF0A2376532B4D0A0C07B8C472B1C2DBF767967BCEC24B4A9C35EB5945EC8021BBB178B45BF67FD79E2BCC626C29F |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.998345693359339 |
Encrypted: | false |
SSDEEP: | 48:8Wd1TdVRHEidAKZdA1vehDiZUkwqehZy+R:80/dfy |
MD5: | 1C1CE84F8106904D6C21FB3F7A37A26F |
SHA1: | 4572DC589AD2294670DBB95372502B818FB54CB7 |
SHA-256: | 83CB28639F9D5214C42760DF85AAF8B9B6C8375D1BB1569576481BDF80CD7D05 |
SHA-512: | 2DE58D2EB6AD44A4BA2276CE82960A22C4E207CCF8C8184E4E7D573E0D15FAB3E338AC47335BFFB9CAB08EADBD2D6C319DF476BFC1CF75DC348E0B34DC0747AA |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9909115233070236 |
Encrypted: | false |
SSDEEP: | 48:8Td1TdVRHEidAKZdA1hehBiZUk1W1qehLy+C:83/99ry |
MD5: | 44287C1B89570FA87E107C8414C1A4FE |
SHA1: | 8F81007836542CC4D32AC853432CC226ED924A54 |
SHA-256: | 7431BED7EAFAE3142FBD2258D9E6B061C150176AE1C6C5ECBB54CD41D316DA68 |
SHA-512: | 30DE1818A4A035E48792E072C604F9061D273170041437DEBF9AE82D26D6F5B9502ED286B38CADEB54B955FB36D40C3B4A115A5E2B2E6181C71366CF596A0094 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9991870718981883 |
Encrypted: | false |
SSDEEP: | 48:8bd1TdVRHEidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbBy+yT+:8P/BT/TbxWOvTbBy7T |
MD5: | B688D58EEA7F0E5A877ECFD024236CB0 |
SHA1: | DF1823B9464196FF46FFE84E53D3D44A85E2CC17 |
SHA-256: | 4261D71431C3D885B0466168C30B4DF9E1A923EE4042E45DFB91ED3C940A6755 |
SHA-512: | 5B967EAE4ABA9F6299853FB5FBA6AF1FF38250D31A3EECC5C41E3C969FD6372D3A4E44DF17A783792395AF5046B9A195390CC9B9CD44246F218E1532B3489D33 |
Malicious: | false |
Reputation: | low |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Apr 19, 2024 00:07:22.801357985 CEST | 192.168.2.5 | 1.1.1.1 | c1eb | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 00:07:20.083254099 CEST | 192.168.2.5 | 1.1.1.1 | 0xb6af | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 00:07:20.083375931 CEST | 192.168.2.5 | 1.1.1.1 | 0xf863 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 19, 2024 00:07:22.580029964 CEST | 192.168.2.5 | 1.1.1.1 | 0xdde0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 00:07:22.580266953 CEST | 192.168.2.5 | 1.1.1.1 | 0x78bd | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 00:07:20.344342947 CEST | 1.1.1.1 | 192.168.2.5 | 0xb6af | No error (0) | 43.130.239.48 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:22.685744047 CEST | 1.1.1.1 | 192.168.2.5 | 0xdde0 | No error (0) | 64.233.176.147 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:22.685744047 CEST | 1.1.1.1 | 192.168.2.5 | 0xdde0 | No error (0) | 64.233.176.105 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:22.685744047 CEST | 1.1.1.1 | 192.168.2.5 | 0xdde0 | No error (0) | 64.233.176.103 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:22.685744047 CEST | 1.1.1.1 | 192.168.2.5 | 0xdde0 | No error (0) | 64.233.176.99 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:22.685744047 CEST | 1.1.1.1 | 192.168.2.5 | 0xdde0 | No error (0) | 64.233.176.104 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:22.685744047 CEST | 1.1.1.1 | 192.168.2.5 | 0xdde0 | No error (0) | 64.233.176.106 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:22.686280966 CEST | 1.1.1.1 | 192.168.2.5 | 0x78bd | No error (0) | 65 | IN (0x0001) | false | |||
Apr 19, 2024 00:07:22.801287889 CEST | 1.1.1.1 | 192.168.2.5 | 0xf863 | Server failure (2) | none | none | 65 | IN (0x0001) | false | |
Apr 19, 2024 00:07:35.699856997 CEST | 1.1.1.1 | 192.168.2.5 | 0xe34c | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:35.699856997 CEST | 1.1.1.1 | 192.168.2.5 | 0xe34c | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:48.644234896 CEST | 1.1.1.1 | 192.168.2.5 | 0x468b | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 19, 2024 00:07:48.644234896 CEST | 1.1.1.1 | 192.168.2.5 | 0x468b | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:08:10.283888102 CEST | 1.1.1.1 | 192.168.2.5 | 0xb864 | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 19, 2024 00:08:10.283888102 CEST | 1.1.1.1 | 192.168.2.5 | 0xb864 | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 00:08:30.736221075 CEST | 1.1.1.1 | 192.168.2.5 | 0xedbc | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 19, 2024 00:08:30.736221075 CEST | 1.1.1.1 | 192.168.2.5 | 0xedbc | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49711 | 43.130.239.48 | 443 | 5376 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 22:07:21 UTC | 667 | OUT | |
2024-04-18 22:07:21 UTC | 665 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49718 | 23.63.206.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 22:07:23 UTC | 161 | OUT | |
2024-04-18 22:07:23 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49719 | 23.63.206.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 22:07:24 UTC | 239 | OUT | |
2024-04-18 22:07:24 UTC | 531 | IN | |
2024-04-18 22:07:24 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
3 | 192.168.2.5 | 49737 | 23.1.237.91 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-18 22:07:36 UTC | 2148 | OUT | |
2024-04-18 22:07:36 UTC | 1 | OUT | |
2024-04-18 22:07:36 UTC | 2483 | OUT | |
2024-04-18 22:07:37 UTC | 479 | IN |
Target ID: | 0 |
Start time: | 00:07:14 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 00:07:15 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 00:07:18 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |