Windows
Analysis Report
http://apps.identrust.com/roots/dstrootcax3.p7c
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 4888 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2032 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2028,i,2520908069897258098,759006925928828793,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://apps.identrust.com/roots/dstrootcax3.p7c" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- wab.exe (PID: 5432 cmdline: "C:\Program Files\Windows Mail\wab.exe" /certificate "C:\Users\user\Downloads\dstrootcax3.p7c" MD5: DBB30349963DBF34B6A50E6A2C3F3644)
- cleanup
There are no malicious signatures.
Signature | Occurrences |
---|---|
HTTPS traffic detected | 4 |
TCP traffic detected without corresponding DNS query | 48 |
UDP traffic detected without corresponding DNS query | 2 |
HTTP traffic detected | 3 |
DNS traffic detected | 1 |
Network traffic detected | 13 |
HTTPS traffic detected | 4 |
Classification label | 1 |
File created | 1 |
Key opened | 1 |
Process created | 18 |
Section loaded | 19 |
File opened | 1 |
Window detected | 1 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 2% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.google.com | 74.125.136.104 | true | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | | unknown | unknown | false |
74.125.136.104 | www.google.com | United States | | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428622 |
Start date and time: | 2024-04-19 10:36:03 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://apps.identrust.com/roots/dstrootcax3.p7c |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@18/4@2/3 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.250.9.94, 172.217.215.139, 172.217.215.138, 172.217.215.113, 172.217.215.100, 172.217.215.102, 172.217.215.101, 173.194.219.84, 34.104.35.123, 96.7.224.66, 96.7.224.9, 23.40.205.34, 192.229.211.108, 64.233.177.94, 64.233.185.138, 64.233.185.100, 64.233.185.113, 64.233.185.139, 64.233.185.102, 64.233.185.101
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, apps.identrust.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 893 |
Entropy (8bit): | 7.366016576663508 |
Encrypted: | false |
SSDEEP: | 24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x |
MD5: | D4AE187B4574036C2D76B6DF8A8C1A30 |
SHA1: | B06F409FA14BAB33CBAF4A37811B8740B624D9E5 |
SHA-256: | A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7 |
SHA-512: | 1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C |
Malicious: | false |
Reputation: | low |
URL: | http://apps.identrust.com/roots/dstrootcax3.p7c |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 10:36:48.577785015 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Apr 19, 2024 10:36:58.279484987 CEST | 49675 | 443 | 192.168.2.4 | 173.222.162.32 |
Apr 19, 2024 10:37:01.197166920 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:01.197240114 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:01.197315931 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:01.197504997 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:01.197539091 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:01.416717052 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:01.417015076 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:01.417046070 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:01.418668985 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:01.418741941 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:01.419786930 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:01.419883013 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:01.467386961 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:01.467405081 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:01.514251947 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:02.105942965 CEST | 49740 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.106061935 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.108795881 CEST | 49740 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.110963106 CEST | 49740 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.110985041 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.339157104 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.339401007 CEST | 49740 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.343708992 CEST | 49740 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.343728065 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.344170094 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.387989998 CEST | 49740 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.428158045 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.530780077 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.530868053 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.531088114 CEST | 49740 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.531137943 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.531158924 CEST | 49740 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.531158924 CEST | 49740 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.531169891 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.531177998 CEST | 443 | 49740 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.569613934 CEST | 49741 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.569652081 CEST | 443 | 49741 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.570506096 CEST | 49741 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.570506096 CEST | 49741 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.570532084 CEST | 443 | 49741 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.787802935 CEST | 443 | 49741 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.787942886 CEST | 49741 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.788961887 CEST | 49741 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.788973093 CEST | 443 | 49741 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.789727926 CEST | 443 | 49741 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.791096926 CEST | 49741 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.836113930 CEST | 443 | 49741 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.989818096 CEST | 443 | 49741 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.989903927 CEST | 443 | 49741 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:02.989953041 CEST | 49741 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.990696907 CEST | 49741 | 443 | 192.168.2.4 | 23.55.253.34 |
Apr 19, 2024 10:37:02.990712881 CEST | 443 | 49741 | 23.55.253.34 | 192.168.2.4 |
Apr 19, 2024 10:37:10.706932068 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:10.706964016 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:10.707058907 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:10.708059072 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:10.708070040 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:11.311908960 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:11.312006950 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:11.315069914 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:11.315082073 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:11.315489054 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:11.359685898 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:11.433814049 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:11.433974028 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:11.434143066 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:11.605182886 CEST | 49739 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:37:11.605230093 CEST | 443 | 49739 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:37:11.716131926 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:11.764113903 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105061054 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105125904 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105148077 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105181932 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:12.105187893 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105218887 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105235100 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:12.105235100 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:12.105236053 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105263948 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:12.105305910 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:12.105406046 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105532885 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:12.105545998 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105618954 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:12.105695009 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:12.120034933 CEST | 49742 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:12.120054960 CEST | 443 | 49742 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:48.561558008 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:48.561616898 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:48.561693907 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:48.562125921 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:48.562140942 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.152304888 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.152379990 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.157583952 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.157598972 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.157984018 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.167957067 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.212111950 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.729692936 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.729727983 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.729748964 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.729780912 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.729811907 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.729829073 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.729829073 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.729851007 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.729856968 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.729872942 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.729885101 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.729891062 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.729927063 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.729970932 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.734272957 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.734293938 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:37:49.734306097 CEST | 49747 | 443 | 192.168.2.4 | 40.127.169.103 |
Apr 19, 2024 10:37:49.734312057 CEST | 443 | 49747 | 40.127.169.103 | 192.168.2.4 |
Apr 19, 2024 10:38:01.157109976 CEST | 49749 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:38:01.157160997 CEST | 443 | 49749 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:38:01.157218933 CEST | 49749 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:38:01.157489061 CEST | 49749 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:38:01.157502890 CEST | 443 | 49749 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:38:01.374161959 CEST | 443 | 49749 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:38:01.374629021 CEST | 49749 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:38:01.374648094 CEST | 443 | 49749 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:38:01.374933958 CEST | 443 | 49749 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:38:01.379013062 CEST | 49749 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:38:01.379069090 CEST | 443 | 49749 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:38:01.420754910 CEST | 49749 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:38:04.781790018 CEST | 49723 | 80 | 192.168.2.4 | 199.232.210.172 |
Apr 19, 2024 10:38:04.781893015 CEST | 49724 | 80 | 192.168.2.4 | 199.232.210.172 |
Apr 19, 2024 10:38:04.884277105 CEST | 80 | 49723 | 199.232.210.172 | 192.168.2.4 |
Apr 19, 2024 10:38:04.884339094 CEST | 80 | 49724 | 199.232.210.172 | 192.168.2.4 |
Apr 19, 2024 10:38:04.884376049 CEST | 80 | 49724 | 199.232.210.172 | 192.168.2.4 |
Apr 19, 2024 10:38:04.884413004 CEST | 80 | 49723 | 199.232.210.172 | 192.168.2.4 |
Apr 19, 2024 10:38:04.884490013 CEST | 49723 | 80 | 192.168.2.4 | 199.232.210.172 |
Apr 19, 2024 10:38:04.884578943 CEST | 49724 | 80 | 192.168.2.4 | 199.232.210.172 |
Apr 19, 2024 10:38:11.370805025 CEST | 443 | 49749 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:38:11.370910883 CEST | 443 | 49749 | 74.125.136.104 | 192.168.2.4 |
Apr 19, 2024 10:38:11.370946884 CEST | 49749 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:38:11.604511023 CEST | 49749 | 443 | 192.168.2.4 | 74.125.136.104 |
Apr 19, 2024 10:38:11.604547977 CEST | 443 | 49749 | 74.125.136.104 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 10:36:57.493441105 CEST | 53 | 52395 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 10:36:57.501468897 CEST | 53 | 54189 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 10:36:58.092283010 CEST | 53 | 51382 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 10:37:01.093359947 CEST | 53102 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 19, 2024 10:37:01.093498945 CEST | 62804 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 19, 2024 10:37:01.196043968 CEST | 53 | 62804 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 10:37:01.196233034 CEST | 53 | 53102 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 10:37:15.136147022 CEST | 53 | 55117 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 10:37:16.383666992 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Apr 19, 2024 10:37:34.180569887 CEST | 53 | 59033 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 10:37:56.893492937 CEST | 53 | 52894 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 10:37:57.042859077 CEST | 53 | 54412 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 10:38:25.084541082 CEST | 53 | 50019 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 10:37:01.093359947 CEST | 192.168.2.4 | 1.1.1.1 | 0x19b4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 10:37:01.093498945 CEST | 192.168.2.4 | 1.1.1.1 | 0xcf76 | Standard query (0) | | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 10:37:01.196043968 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf76 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 19, 2024 10:37:01.196233034 CEST | 1.1.1.1 | 192.168.2.4 | 0x19b4 | No error (0) | | | 74.125.136.104 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 10:37:01.196233034 CEST | 1.1.1.1 | 192.168.2.4 | 0x19b4 | No error (0) | | | 74.125.136.103 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 10:37:01.196233034 CEST | 1.1.1.1 | 192.168.2.4 | 0x19b4 | No error (0) | | | 74.125.136.106 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 10:37:01.196233034 CEST | 1.1.1.1 | 192.168.2.4 | 0x19b4 | No error (0) | | | 74.125.136.99 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 10:37:01.196233034 CEST | 1.1.1.1 | 192.168.2.4 | 0x19b4 | No error (0) | | | 74.125.136.105 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 10:37:01.196233034 CEST | 1.1.1.1 | 192.168.2.4 | 0x19b4 | No error (0) | | | 74.125.136.147 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 23.55.253.34 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 08:37:02 UTC | 161 | OUT | |
2024-04-19 08:37:02 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49741 | 23.55.253.34 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 08:37:02 UTC | 239 | OUT | |
2024-04-19 08:37:02 UTC | 531 | IN | |
2024-04-19 08:37:02 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49742 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 08:37:11 UTC | 306 | OUT | |
2024-04-19 08:37:12 UTC | 560 | IN | |
2024-04-19 08:37:12 UTC | 15824 | IN | |
2024-04-19 08:37:12 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49747 | 40.127.169.103 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 08:37:49 UTC | 306 | OUT | |
2024-04-19 08:37:49 UTC | 560 | IN | |
2024-04-19 08:37:49 UTC | 15824 | IN | |
2024-04-19 08:37:49 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 10:36:50 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 10:36:55 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 10:36:57 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 10:38:14 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Windows Mail\wab.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7843b0000 |
File size: | 518'656 bytes |
MD5 hash: | DBB30349963DBF34B6A50E6A2C3F3644 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |