Windows
Analysis Report
http://habdjfvjkdfjlbjlkbj.z19.web.core.windows.net
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 6252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6352 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1976,i,6815876806089879004,10038107220045899808,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://habdjfvjkdfjlbjlkbj.z19.web.core.windows.net" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
Signature hits, listed by name in report order; the per-hit source values are not present in this copy of the report.

Signature | Occurrences |
---|---|
HTTP Parser | 1 |
HTTPS traffic detected | 4 |
TCP traffic detected without corresponding DNS query | 42 |
UDP traffic detected without corresponding DNS query | 2 |
HTTP traffic detected | 1 |
DNS traffic detected | 1 |
HTTP traffic detected | 1 |
Network traffic detected | 15 |
HTTPS traffic detected | 2 |
Classification label | 1 |
File created | 1 |
Process created | 16 |
LNK file | 6 |
File created | 7 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
www.google.com | 172.253.124.106 | true | false | high | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
172.253.124.106 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428937 |
Start date and time: | 2024-04-19 21:38:26 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://habdjfvjkdfjlbjlkbj.z19.web.core.windows.net |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@16/10@2/3 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 173.194.219.94, 74.125.138.139, 74.125.138.100, 74.125.138.113, 74.125.138.101, 74.125.138.102, 74.125.138.138, 64.233.177.84, 34.104.35.123, 20.38.122.129, 13.85.23.86, 23.40.205.49, 199.232.214.172, 192.229.211.108, 20.166.126.56, 52.165.164.15, 20.114.59.183, 172.217.215.94, 20.12.23.50, 23.45.13.176, 23.45.13.184
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://habdjfvjkdfjlbjlkbj.z19.web.core.windows.net
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.985646747919829 |
Encrypted: | false |
SSDEEP: | 48:8kdATkYcHUidAKZdA19ehwiZUklqehTy+3:83vjIy |
MD5: | 69E2BA67CB7D5793C489A10AA873E6AF |
SHA1: | 7BBE69DB76A25633A161537B6908FB36A90A5225 |
SHA-256: | DDAD7C38D8801CB422165A451A9187CCFE74F7E6D0D36A6B9318E32957E6990A |
SHA-512: | A7D0A209173EB818BD25B873D7234D2BEE6052CEDA6699577B4E74E3EC4E0FA5BF2CAF7F7D870F5B2169E77D5F356B395EDF0FCA95B851EF47BE47DD3C88DE00 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 4.001018246589355 |
Encrypted: | false |
SSDEEP: | 48:82dATkYcHUidAKZdA1weh/iZUkAQkqeh4y+2:8BvR9Q1y |
MD5: | 5C7BF4E0DE292C9CCB5FA1F1EA43824C |
SHA1: | FF2BCCC147D9DD7DA01ADD026D7AE443410126B5 |
SHA-256: | 092C0FF9E9E53BF23591278EBDBBB61AEF25765AE44835D9B5C24BEFC19F914D |
SHA-512: | 2F793708B64BE0D477A4B2C5BC7D3734CF93597FF691F068E2E26FAB1443FCBB3E431003019FF1FCEF3B9B96FC69EE7A02F6C1F03BA09B7291813B95CA4FEAE1 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.010161534397526 |
Encrypted: | false |
SSDEEP: | 48:8xRdATkYsHUidAKZdA14tseh7sFiZUkmgqeh7s6y+BX:8x0vRnUy |
MD5: | EA78DFD28C68C284BC13D675FAB94C2D |
SHA1: | 9DEB4B30687E12AB5BBD2D821EA7363F40FD42E8 |
SHA-256: | 8291FC26B0A7DA1FB3339BBC1E9A6EF08E7636845BC5C6C9D100C568FCB0EEF0 |
SHA-512: | F1317BA6913FE90E226D79F1A6AAE6C31346DAB502A5196A140EF5809CCBFCEE2C32FE034CB0DEA4E9BB8463123FC26ACE19C3780AB199CCF87EDF0EE684508A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9983105470923945 |
Encrypted: | false |
SSDEEP: | 48:86dATkYcHUidAKZdA1vehDiZUkwqeh8y+R:8VvSCy |
MD5: | E7CB34BDA04504880AA150DE7CCD7F85 |
SHA1: | 0E3F96931284DF3684B521A47A512237BC33F1C9 |
SHA-256: | BA7559C5D5A140E034E8F30B1DDDBD9E9D9C7586AB20343291F252BA57575321 |
SHA-512: | C5B0DDC4A279C2252F28C6B6E1C9EEC2658C162423DF0E040B8C2AA17B59F8C76DAFF8A1ABDA53F33DC9BAB21EB0ECA2BAA082EB6C88C803CAE3EEF86279696A |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.9895867866474584 |
Encrypted: | false |
SSDEEP: | 48:8HudATkYcHUidAKZdA1hehBiZUk1W1qehGy+C:8HJvi9my |
MD5: | 9399EC22035A646A582284D366598A79 |
SHA1: | 13B3AA1CF997B5415C609276A2244A7782E6A0C4 |
SHA-256: | 0DEF67902D0F52B205603E655BB8A5D7D096B61DC3CB99413F5AF7C195C2D580 |
SHA-512: | A8A6EA5493AA1FE60F5A5AE6EBE4187D816694A2D05645D5C1FC96652030D844E835424DAD7FB3D795813490DF6AC831591709BDBCD13F87CEA3A78DB5EDFB65 |
Malicious: | false |
Reputation: | low |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.999245980597191 |
Encrypted: | false |
SSDEEP: | 48:8jNdATkYcHUidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbUy+yT+:8jAvcT/TbxWOvTbUy7T |
MD5: | B8EC72DB49C14B18B23F83D349A5687B |
SHA1: | 9B0084D096EFD0A6DF2DC052D96FAB61F229DB53 |
SHA-256: | 68DE6747F1AEF7C5085915C01268EFC2031CC46BF35A58068B1E58AD6DF9DEEE |
SHA-512: | ADC9AF480D339B535FCA9933A579566804109FA5C77580F4D42FDF399F52E3A12866F027134377E042936421A63ABC75589C52B1FB23A6DD9AB5F971C8D028B2 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 337 |
Entropy (8bit): | 5.139028340994985 |
Encrypted: | false |
SSDEEP: | 6:haxU/qHX96TBGSYFD0NlzY2i21VsJCYWOesR2p022bNS6E:haxzHktGSFN62i2LYWOesw |
MD5: | D02F3B4746D607557F4DF39D18A956D3 |
SHA1: | 071D18805D8FCF832FD0758AB63E4C61BCA437BB |
SHA-256: | 39DF0678912F53B68CF1B27036CEAA7F46E808866383DA1D327DBDEE3B278845 |
SHA-512: | FBC3E9E833DE4CBA7DA910E62BADBF58E3E9F4286C9887DC37BF76DA38C55E11E825A303EA7DAAD106283CA51C737320171EFF179671A9935D2023F91E834098 |
Malicious: | false |
Reputation: | low |
URL: | http://habdjfvjkdfjlbjlkbj.z19.web.core.windows.net/ |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 337 |
Entropy (8bit): | 5.131610302317065 |
Encrypted: | false |
SSDEEP: | 6:haxU/qHX96TBGSYFD0NlzY2i21VsJCYWOTt1hsR2p022bD+E:haxzHktGSFN62i2LYWOTtDs7P |
MD5: | 223DF441121EE67AA44BF21BAB4D86AC |
SHA1: | 8A36C7DE5DF8C8C7208DF57447FB2039F93B3ECE |
SHA-256: | C7BEF036BB5D274E0399699639D557708E3BF9E3951E3356D97790CF33CB0ACA |
SHA-512: | 7EDEB2BF38F0A6D313CF205F495D6AB0C942DA45420FF31C3A7953029799B9809E22697FDBE679A99605E38B7CA59CCA0A3499D0B353AC7619CE81ADA04E2A6C |
Malicious: | false |
Reputation: | low |
URL: | http://habdjfvjkdfjlbjlkbj.z19.web.core.windows.net/favicon.ico |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 21:39:17.900218010 CEST | 192.168.2.5 | 1.1.1.1 | 0x8014 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:17.900974035 CEST | 192.168.2.5 | 1.1.1.1 | 0x4fe8 | Standard query (0) | | 65 | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 21:39:18.004894972 CEST | 1.1.1.1 | 192.168.2.5 | 0x8014 | No error (0) | | | 172.253.124.106 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:18.004894972 CEST | 1.1.1.1 | 192.168.2.5 | 0x8014 | No error (0) | | | 172.253.124.105 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:18.004894972 CEST | 1.1.1.1 | 192.168.2.5 | 0x8014 | No error (0) | | | 172.253.124.104 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:18.004894972 CEST | 1.1.1.1 | 192.168.2.5 | 0x8014 | No error (0) | | | 172.253.124.147 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:18.004894972 CEST | 1.1.1.1 | 192.168.2.5 | 0x8014 | No error (0) | | | 172.253.124.103 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:18.004894972 CEST | 1.1.1.1 | 192.168.2.5 | 0x8014 | No error (0) | | | 172.253.124.99 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:18.005620003 CEST | 1.1.1.1 | 192.168.2.5 | 0x4fe8 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 19, 2024 21:39:30.396893024 CEST | 1.1.1.1 | 192.168.2.5 | 0x3bd6 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:30.396893024 CEST | 1.1.1.1 | 192.168.2.5 | 0x3bd6 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:30.514934063 CEST | 1.1.1.1 | 192.168.2.5 | 0xd9cc | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 21:39:30.514934063 CEST | 1.1.1.1 | 192.168.2.5 | 0xd9cc | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:39:43.905457973 CEST | 1.1.1.1 | 192.168.2.5 | 0x896c | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 21:39:43.905457973 CEST | 1.1.1.1 | 192.168.2.5 | 0x896c | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Apr 19, 2024 21:40:06.681607008 CEST | 1.1.1.1 | 192.168.2.5 | 0x611 | No error (0) | | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 19, 2024 21:40:06.681607008 CEST | 1.1.1.1 | 192.168.2.5 | 0x611 | No error (0) | | | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49716 | 23.60.84.144 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 19:39:19 UTC | 161 | OUT | |
2024-04-19 19:39:19 UTC | 467 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49717 | 23.60.84.144 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 19:39:19 UTC | 239 | OUT | |
2024-04-19 19:39:19 UTC | 456 | IN | |
2024-04-19 19:39:19 UTC | 55 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49722 | 23.1.237.91 | 443 | | |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-19 19:39:31 UTC | 2148 | OUT | |
2024-04-19 19:39:31 UTC | 1 | OUT | |
2024-04-19 19:39:31 UTC | 2483 | OUT | |
2024-04-19 19:39:31 UTC | 480 | IN | |
Target ID: | 0 |
Start time: | 21:39:09 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 21:39:11 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 21:39:14 |
Start date: | 19/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |