Windows
Analysis Report
https://lx-pluto-mail.qiye.163.com/unsubscribe_en.html?host=lx-pluto-mail.qiye.163.com&sign=tYjJWFMjS3nn3YqvszWFhdv6S7f427CtlG6Qc97yX%2BvgJErYHlag8awX2vfVi%2B12IzWnpp72Z4Ca%0AxsG5%2Bb9mDQ30Lmqfrm9BtpqSiq7XoI%2BjidChX5ytHSJuo9hhv57eCMVHyi2xsxwIEr5x9dnZ3p3o%0ApGb7ImP4SgjKiKpbhL%2F7d1aI4fC5%2Fbj4bOQCi6
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 4940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 1508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=2028,i,15326543560496755507,3115035497610140098,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 6428 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://lx-pluto-mail.qiye.163.com/unsubscribe_en.html?host=lx-pluto-mail.qiye.163.com&sign=tYjJWFMjS3nn3YqvszWFhdv6S7f427CtlG6Qc97yX%2BvgJErYHlag8awX2vfVi%2B12IzWnpp72Z4Ca%0AxsG5%2Bb9mDQ30Lmqfrm9BtpqSiq7XoI%2BjidChX5ytHSJuo9hhv57eCMVHyi2xsxwIEr5x9dnZ3p3o%0ApGb7ImP4SgjKiKpbhL%2F7d1aI4fC5%2Fbj4bOQCi6jm&from=sales1@aaazxy.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
There are no malicious signatures.
- Sample URL
- HTTP Parser
- HTTPS traffic detected (2 occurrences)
- TCP traffic detected without corresponding DNS query (25 occurrences)
- UDP traffic detected without corresponding DNS query (4 occurrences)
- HTTP traffic detected (3 occurrences)
- DNS traffic detected
- HTTP traffic detected
- Network traffic detected (13 occurrences)
- HTTPS traffic detected (2 occurrences)
- Classification label
- Process created (16 occurrences)
- Window detected
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Process Injection | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | unknown | |
lx-pluto-mail.qiye.163.com | 47.243.189.198 | true | false | high | |
www.google.com | 142.250.105.147 | true | false | high | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | false | high | |
 | false | high | |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false |
47.243.189.198 | lx-pluto-mail.qiye.163.com | United States | 45102 | CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdC | false |
142.250.105.147 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430203 |
Start date and time: | 2024-04-23 10:10:54 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://lx-pluto-mail.qiye.163.com/unsubscribe_en.html?host=lx-pluto-mail.qiye.163.com&sign=tYjJWFMjS3nn3YqvszWFhdv6S7f427CtlG6Qc97yX%2BvgJErYHlag8awX2vfVi%2B12IzWnpp72Z4Ca%0AxsG5%2Bb9mDQ30Lmqfrm9BtpqSiq7XoI%2BjidChX5ytHSJuo9hhv57eCMVHyi2xsxwIEr5x9dnZ3p3o%0ApGb7ImP4SgjKiKpbhL%2F7d1aI4fC5%2Fbj4bOQCi6jm&from=sales1@aaazxy.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.win@16/2@4/4 |
EGA Information: | Failed |
HCA Information: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 64.233.185.94, 142.250.105.101, 142.250.105.113, 142.250.105.139, 142.250.105.138, 142.250.105.100, 142.250.105.102, 173.194.219.84, 34.104.35.123, 172.253.124.95, 142.250.9.95, 142.250.105.95, 108.177.122.95, 64.233.177.95, 74.125.138.95, 64.233.176.95, 142.251.15.95, 172.217.215.95, 74.125.136.95, 64.233.185.95, 173.194.219.95, 13.85.23.86, 199.232.214.172, 20.242.39.171, 192.229.211.108, 52.165.164.15, 173.194.219.94
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ocsp.edge.digicert.com, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 16 |
Entropy (8bit): | 3.625 |
Encrypted: | false |
SSDEEP: | 3:HFn:l |
MD5: | 418FBC40DEEBD999D02A91F3BC9850B9 |
SHA1: | A04AB7C83CB2CDF175711BF34C27A0C32F801DC2 |
SHA-256: | E85E233CE28065F9DE8A6429A42B6BFC4752340EDB2F66AF1B79F1B805549771 |
SHA-512: | 74599CE0567379C67882DCC387D869C2F5340D5F814789A65740C378A85949822118A4C8B842241D297087907CF646271DAB0866E3754291F729C3253185986D |
Malicious: | false |
Reputation: | low |
URL: | https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAksNXZu33NQFBIFDWXnCSY=?alt=proto |
Preview: |
TCP packets (Timestamp | Source Port | Dest Port | Source IP | Dest IP): 134 rows omitted.
UDP packets (Timestamp | Source Port | Dest Port | Source IP | Dest IP): 17 rows omitted.
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Apr 23, 2024 10:11:53.128878117 CEST | 192.168.2.4 | 1.1.1.1 | c227 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 23, 2024 10:11:52.953012943 CEST | 192.168.2.4 | 1.1.1.1 | 0xab51 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 10:11:52.953303099 CEST | 192.168.2.4 | 1.1.1.1 | 0x93f0 | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 23, 2024 10:11:56.162386894 CEST | 192.168.2.4 | 1.1.1.1 | 0x8706 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 23, 2024 10:11:56.162542105 CEST | 192.168.2.4 | 1.1.1.1 | 0xa4a9 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 23, 2024 10:11:53.058372974 CEST | 1.1.1.1 | 192.168.2.4 | 0xab51 | No error (0) | 47.243.189.198 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:11:56.267488956 CEST | 1.1.1.1 | 192.168.2.4 | 0xa4a9 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 23, 2024 10:11:56.267628908 CEST | 1.1.1.1 | 192.168.2.4 | 0x8706 | No error (0) | 142.250.105.147 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:11:56.267628908 CEST | 1.1.1.1 | 192.168.2.4 | 0x8706 | No error (0) | 142.250.105.105 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:11:56.267628908 CEST | 1.1.1.1 | 192.168.2.4 | 0x8706 | No error (0) | 142.250.105.103 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:11:56.267628908 CEST | 1.1.1.1 | 192.168.2.4 | 0x8706 | No error (0) | 142.250.105.104 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:11:56.267628908 CEST | 1.1.1.1 | 192.168.2.4 | 0x8706 | No error (0) | 142.250.105.106 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:11:56.267628908 CEST | 1.1.1.1 | 192.168.2.4 | 0x8706 | No error (0) | 142.250.105.99 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:12:06.807416916 CEST | 1.1.1.1 | 192.168.2.4 | 0xf32c | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:12:06.807416916 CEST | 1.1.1.1 | 192.168.2.4 | 0xf32c | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:12:07.832878113 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3cd | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 10:12:07.832878113 CEST | 1.1.1.1 | 192.168.2.4 | 0xe3cd | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:12:24.836474895 CEST | 1.1.1.1 | 192.168.2.4 | 0x107f | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 10:12:24.836474895 CEST | 1.1.1.1 | 192.168.2.4 | 0x107f | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:12:43.729027987 CEST | 1.1.1.1 | 192.168.2.4 | 0xb1de | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 10:12:43.729027987 CEST | 1.1.1.1 | 192.168.2.4 | 0xb1de | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 23, 2024 10:13:04.490606070 CEST | 1.1.1.1 | 192.168.2.4 | 0xb4ee | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 23, 2024 10:13:04.490606070 CEST | 1.1.1.1 | 192.168.2.4 | 0xb4ee | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49737 | 47.243.189.198 | 443 | 1508 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 08:11:54 UTC | 959 | OUT | |
2024-04-23 08:11:54 UTC | 471 | IN | |
2024-04-23 08:11:54 UTC | 8415 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49736 | 47.243.189.198 | 443 | 1508 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 08:11:55 UTC | 898 | OUT | |
2024-04-23 08:11:55 UTC | 123 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49742 | 23.193.120.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 08:11:56 UTC | 161 | OUT | |
2024-04-23 08:11:57 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49743 | 23.193.120.112 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 08:11:57 UTC | 239 | OUT | |
2024-04-23 08:11:57 UTC | 530 | IN | |
2024-04-23 08:11:57 UTC | 55 | IN |
Target ID: | 0 |
Start time: | 10:11:46 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 10:11:50 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 10:11:52 |
Start date: | 23/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |