Windows
Analysis Report
http://p.ksrndkehqnwntyxlhgto.com
Overview
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- chrome.exe (PID: 3608 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --st art-maximi zed "about :blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4) - chrome.exe (PID: 6512 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =2264 --fi eld-trial- handle=220 8,i,273000 6000010268 455,142520 4933774983 5231,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 2520 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" "htt p://p.ksrn dkehqnwnty xlhgto.com " MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: | ||
Source: | LNK file: |
Source: | Window detected: |
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | unknown | |
www.google.com | 142.250.141.106 | true | false | high | |
p.ksrndkehqnwntyxlhgto.com | 13.248.238.122 | true | false | unknown | |
fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
13.248.238.122 | p.ksrndkehqnwntyxlhgto.com | United States | 16509 | AMAZON-02US | false | |
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.250.141.106 | www.google.com | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.5 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1430632 |
Start date and time: | 2024-04-24 01:14:35 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://p.ksrndkehqnwntyxlhgto.com |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.win@16/8@4/4 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 74.125.137.94, 142.251.2.101, 142.251.2.139, 142.251.2.102, 142.251.2.100, 142.251.2.138, 142.251.2.113, 142.251.2.84, 34.104.35.123, 40.68.123.157, 199.232.214.172, 192.229.211.108, 23.32.1.150, 23.32.1.155, 20.242.39.171, 142.250.101.94, 23.32.1.212
- Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, clientservices.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, clients.l.google.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtSetInformationFile calls found.
- VT rate limit hit for: http://p.ksrndkehqnwntyxlhgto.com
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2677 |
Entropy (8bit): | 3.980430531814876 |
Encrypted: | false |
SSDEEP: | 48:81odsQTM0BDbycHeidAKZdA19ehwiZUklqehOy+3:8kXy9By |
MD5: | F182A2D1D24F7C7E40F3FD7514A2DEAA |
SHA1: | 43FEC82BD2A9D315B8DA342C5079D25F6D6336EE |
SHA-256: | 4E6E01AEF3A95BCCF81B5C412FF96039BF352171BBE86740F8847C271A2F9620 |
SHA-512: | BAD1B7B1F5224FB2C3F51BC2C6258A8DC066CE3922FFEBD485CF5D0FF45DF6C9C34C8E392E9EDE767409B14B93514350EACD6D730E0F3C8C3CC119830D6A99C0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2679 |
Entropy (8bit): | 3.996386698308828 |
Encrypted: | false |
SSDEEP: | 48:8yodsQTM0BDbycHeidAKZdA1weh/iZUkAQkqehxy+2:8VXy39Qgy |
MD5: | 70F089E37845F47E39DC81E8EC925E1A |
SHA1: | F2C9824F57488FAF686FF9B91DA7CEA490B931E6 |
SHA-256: | CEA52EE37FB6F56778DB573859479100C54A91578F278DCC64D2919D8BC994B0 |
SHA-512: | 379F1AA877516B944DD73922CBF7FDBD6A451CDFD1AA7C5C61ABC0BD9383C7D1F9CD6A96A64DF30F4FCD2A604E56E19FA6902251514CC9FEAF9B9038B7779971 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2693 |
Entropy (8bit): | 4.00780680648309 |
Encrypted: | false |
SSDEEP: | 48:8xJodsQTM0BDbsHeidAKZdA14tseh7sFiZUkmgqeh7sby+BX:8x4Xnn1y |
MD5: | 099815A225EB035B4A6DDC551D8B1D64 |
SHA1: | 940FA071508FFC50A2F448A04D2673BFE2D5BF2A |
SHA-256: | BA2FC6B2D26E29E600ED16169422A5FA3E7BE5F3CA73B0058BF18C34AF6EBC33 |
SHA-512: | 386AD6555E73EB399EEDACE328015CFFB33F247E012CBDBA246DCCB6C7F1F46681C4C4FF78BA4296AAE788997C9F1F1E76B6E3E6585D591B5B70794BCDC8A006 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.993603845314759 |
Encrypted: | false |
SSDEEP: | 48:86odsQTM0BDbycHeidAKZdA1vehDiZUkwqehty+R:8NXy0Ty |
MD5: | 64C3CDDDF2B3EA3DA7849EB1E18A0977 |
SHA1: | EEFB89575C302FEFE4119947A0C766C1FD2DEB0E |
SHA-256: | 0F297C1A36580BBAE916A3436F323B6B238D1392AA6110860025816E278D79F4 |
SHA-512: | 03E9AE9854D3B31C11C59015D2E65CD3FD7221A700D945D9F421D22200D707C69B1134E4385562BB13C242D55AF4BA5AA503C478BB81BBD7B9F191493CE01EA3 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2681 |
Entropy (8bit): | 3.982378193682603 |
Encrypted: | false |
SSDEEP: | 48:8sodsQTM0BDbycHeidAKZdA1hehBiZUk1W1qehvy+C:8HXyU9Py |
MD5: | 2B461DF5513293A0A2E1C1113BCDBC99 |
SHA1: | 9A6FF8048E0D3342B8208FBDEAB47C092CC68D3E |
SHA-256: | 8D1DDBC14FAEA6B2FEAA9E25CFE93E77F85C429FC16F5A01F792EBFC5230F2BC |
SHA-512: | 97026C06A3E7AE5C6862982E87B8224EB35EE569FDB906AD7C4C4B72BDD052A220AA348D47811A7CE7317E24CAFBAC3D293A51B33B4FCB34AA2F5EABC457AFCD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Download File
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2683 |
Entropy (8bit): | 3.9966532376197326 |
Encrypted: | false |
SSDEEP: | 48:8GodsQTM0BDbycHeidAKZdA1duT+ehOuTbbiZUk5OjqehOuTb1y+yT+:8ZXy6T/TbxWOvTb1y7T |
MD5: | 0B0D49F284BA57E20B2C07B6523C0D58 |
SHA1: | 10B0017262AA59CB984951E556F61E74AFDBB44E |
SHA-256: | 419BA855C2A36939E59BFD14F0CABD3268261B3BD50D9F22A02E5BCF330CE58F |
SHA-512: | 486B155D84CB3CCBB3E24BD6E0A421470BE6448FB48596DBD197E20D290805D11523279D0579C7A850292EE502C524C40E9CD1EBB1339B2722FEB41E91A718D0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 315 |
Entropy (8bit): | 5.0572271090563765 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR |
MD5: | A34AC19F4AFAE63ADC5D2F7BC970C07F |
SHA1: | A82190FC530C265AA40A045C21770D967F4767B8 |
SHA-256: | D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3 |
SHA-512: | 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765 |
Malicious: | false |
Reputation: | low |
URL: | http://p.ksrndkehqnwntyxlhgto.com/favicon.ico |
Preview: |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 24, 2024 01:15:19.543275118 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:19.543286085 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:19.652642965 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:28.164321899 CEST | 49709 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:28.164839029 CEST | 49710 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:28.219120979 CEST | 49713 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:28.323646069 CEST | 80 | 49709 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:15:28.323754072 CEST | 49709 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:28.324191093 CEST | 80 | 49710 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:15:28.324285984 CEST | 49710 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:28.326514959 CEST | 49709 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:28.378549099 CEST | 80 | 49713 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:15:28.378654003 CEST | 49713 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:28.485863924 CEST | 80 | 49709 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:15:28.545061111 CEST | 80 | 49709 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:15:28.607194901 CEST | 49709 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:28.749753952 CEST | 80 | 49709 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:15:28.749815941 CEST | 49709 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:28.758910894 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:28.758999109 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:28.759118080 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:28.759326935 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:28.759351015 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:28.766567945 CEST | 80 | 49709 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:15:28.824656963 CEST | 80 | 49709 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:15:28.869565010 CEST | 49709 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:15:29.130522013 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:29.130935907 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:29.130974054 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:29.132446051 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:29.132534981 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:29.133944988 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:29.134033918 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:29.228689909 CEST | 49675 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:29.228689909 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:29.228761911 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:29.259924889 CEST | 49674 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:29.416208982 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:29.416215897 CEST | 49673 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:30.648600101 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 24, 2024 01:15:30.648741007 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:32.801091909 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:32.801146030 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:32.801292896 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:32.804156065 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:32.804182053 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.162877083 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.163295031 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.170905113 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.170921087 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.171288967 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.212680101 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.269201994 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.316118002 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.491257906 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.491470098 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.491554976 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.491662979 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.491692066 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.491729975 CEST | 49717 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.491738081 CEST | 443 | 49717 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.535043001 CEST | 49718 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.535126925 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.535372972 CEST | 49718 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.535979986 CEST | 49718 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.536026955 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.882724047 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.882812977 CEST | 49718 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.883915901 CEST | 49718 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.883934021 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.884300947 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:33.885915995 CEST | 49718 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:33.932112932 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:34.222758055 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:34.222915888 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:34.223004103 CEST | 49718 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:36.780684948 CEST | 49718 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:36.780684948 CEST | 49718 | 443 | 192.168.2.5 | 23.1.102.27 |
Apr 24, 2024 01:15:36.780746937 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:36.780776024 CEST | 443 | 49718 | 23.1.102.27 | 192.168.2.5 |
Apr 24, 2024 01:15:39.121905088 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:39.122071028 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:39.122232914 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:40.330512047 CEST | 49715 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:15:40.330565929 CEST | 443 | 49715 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:15:40.829355001 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:40.829355001 CEST | 49703 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:40.829777956 CEST | 49721 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:40.829828978 CEST | 443 | 49721 | 23.1.237.91 | 192.168.2.5 |
Apr 24, 2024 01:15:40.829963923 CEST | 49721 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:40.830323935 CEST | 49721 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:15:40.830342054 CEST | 443 | 49721 | 23.1.237.91 | 192.168.2.5 |
Apr 24, 2024 01:15:40.989443064 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 24, 2024 01:15:40.989500046 CEST | 443 | 49703 | 23.1.237.91 | 192.168.2.5 |
Apr 24, 2024 01:15:41.170775890 CEST | 443 | 49721 | 23.1.237.91 | 192.168.2.5 |
Apr 24, 2024 01:15:41.170861006 CEST | 49721 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:16:00.322962999 CEST | 443 | 49721 | 23.1.237.91 | 192.168.2.5 |
Apr 24, 2024 01:16:00.323170900 CEST | 49721 | 443 | 192.168.2.5 | 23.1.237.91 |
Apr 24, 2024 01:16:13.338332891 CEST | 49710 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:16:13.385206938 CEST | 49713 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:16:13.498219013 CEST | 80 | 49710 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:16:13.544538975 CEST | 80 | 49713 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:16:13.838326931 CEST | 49709 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:16:13.998004913 CEST | 80 | 49709 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:16:28.401750088 CEST | 49710 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:16:28.402101994 CEST | 49713 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:16:28.441410065 CEST | 80 | 49710 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:16:28.441504002 CEST | 49710 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:16:28.489835024 CEST | 80 | 49713 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:16:28.490057945 CEST | 49713 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:16:28.561717987 CEST | 80 | 49713 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:16:28.561779976 CEST | 80 | 49710 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:16:28.669855118 CEST | 49728 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:16:28.669898987 CEST | 443 | 49728 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:16:28.670017004 CEST | 49728 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:16:28.670764923 CEST | 49728 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:16:28.670780897 CEST | 443 | 49728 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:16:28.824839115 CEST | 80 | 49709 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:16:28.824917078 CEST | 49709 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:16:29.026184082 CEST | 443 | 49728 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:16:29.026874065 CEST | 49728 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:16:29.026905060 CEST | 443 | 49728 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:16:29.027188063 CEST | 443 | 49728 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:16:29.027801037 CEST | 49728 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:16:29.027856112 CEST | 443 | 49728 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:16:29.073163033 CEST | 49728 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:16:30.326179981 CEST | 49709 | 80 | 192.168.2.5 | 13.248.238.122 |
Apr 24, 2024 01:16:30.486428022 CEST | 80 | 49709 | 13.248.238.122 | 192.168.2.5 |
Apr 24, 2024 01:16:39.050260067 CEST | 443 | 49728 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:16:39.050335884 CEST | 443 | 49728 | 142.250.141.106 | 192.168.2.5 |
Apr 24, 2024 01:16:39.050437927 CEST | 49728 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:16:40.323946953 CEST | 49728 | 443 | 192.168.2.5 | 142.250.141.106 |
Apr 24, 2024 01:16:40.323975086 CEST | 443 | 49728 | 142.250.141.106 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 24, 2024 01:15:25.915215969 CEST | 53 | 58273 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:15:26.065486908 CEST | 53 | 51694 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:15:27.920512915 CEST | 51442 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 24, 2024 01:15:27.920733929 CEST | 58724 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 24, 2024 01:15:28.162969112 CEST | 53 | 51442 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:15:28.163711071 CEST | 53 | 58724 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:15:28.603673935 CEST | 63009 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 24, 2024 01:15:28.603884935 CEST | 51314 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 24, 2024 01:15:28.655630112 CEST | 53 | 51573 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:15:28.757242918 CEST | 53 | 63009 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:15:28.757808924 CEST | 53 | 51314 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:15:49.884933949 CEST | 53 | 50896 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:16:11.208359003 CEST | 53 | 60463 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:16:24.507251024 CEST | 53 | 54235 | 1.1.1.1 | 192.168.2.5 |
Apr 24, 2024 01:16:36.686388016 CEST | 53 | 64921 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
Apr 24, 2024 01:15:27.834512949 CEST | 192.168.2.5 | 1.1.1.1 | c262 | (Port unreachable) | Destination Unreachable |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 24, 2024 01:15:27.920512915 CEST | 192.168.2.5 | 1.1.1.1 | 0x83a9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 24, 2024 01:15:27.920733929 CEST | 192.168.2.5 | 1.1.1.1 | 0x75af | Standard query (0) | 65 | IN (0x0001) | false | |
Apr 24, 2024 01:15:28.603673935 CEST | 192.168.2.5 | 1.1.1.1 | 0xb1f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 24, 2024 01:15:28.603884935 CEST | 192.168.2.5 | 1.1.1.1 | 0x8214 | Standard query (0) | 65 | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 24, 2024 01:15:28.162969112 CEST | 1.1.1.1 | 192.168.2.5 | 0x83a9 | No error (0) | 13.248.238.122 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:15:28.162969112 CEST | 1.1.1.1 | 192.168.2.5 | 0x83a9 | No error (0) | 76.223.116.242 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:15:28.757242918 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1f | No error (0) | 142.250.141.106 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:15:28.757242918 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1f | No error (0) | 142.250.141.147 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:15:28.757242918 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1f | No error (0) | 142.250.141.99 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:15:28.757242918 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1f | No error (0) | 142.250.141.105 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:15:28.757242918 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1f | No error (0) | 142.250.141.104 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:15:28.757242918 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1f | No error (0) | 142.250.141.103 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:15:28.757808924 CEST | 1.1.1.1 | 192.168.2.5 | 0x8214 | No error (0) | 65 | IN (0x0001) | false | |||
Apr 24, 2024 01:15:40.500888109 CEST | 1.1.1.1 | 192.168.2.5 | 0x1cbd | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
Apr 24, 2024 01:15:40.500888109 CEST | 1.1.1.1 | 192.168.2.5 | 0x1cbd | No error (0) | 192.229.211.108 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:16:07.368530035 CEST | 1.1.1.1 | 192.168.2.5 | 0xa96f | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:16:07.368530035 CEST | 1.1.1.1 | 192.168.2.5 | 0xa96f | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:16:28.745172024 CEST | 1.1.1.1 | 192.168.2.5 | 0xa490 | No error (0) | 199.232.210.172 | A (IP address) | IN (0x0001) | false | ||
Apr 24, 2024 01:16:28.745172024 CEST | 1.1.1.1 | 192.168.2.5 | 0xa490 | No error (0) | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49709 | 13.248.238.122 | 80 | 6512 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 24, 2024 01:15:28.326514959 CEST | 441 | OUT | |
Apr 24, 2024 01:15:28.545061111 CEST | 172 | IN | |
Apr 24, 2024 01:15:28.607194901 CEST | 396 | OUT | |
Apr 24, 2024 01:15:28.749753952 CEST | 172 | IN | |
Apr 24, 2024 01:15:28.824656963 CEST | 484 | IN | |
Apr 24, 2024 01:16:13.838326931 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49710 | 13.248.238.122 | 80 | 6512 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 24, 2024 01:16:13.338332891 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49713 | 13.248.238.122 | 80 | 6512 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 24, 2024 01:16:13.385206938 CEST | 6 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49717 | 23.1.102.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 23:15:33 UTC | 161 | OUT | |
2024-04-23 23:15:33 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49718 | 23.1.102.27 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-23 23:15:33 UTC | 239 | OUT | |
2024-04-23 23:15:34 UTC | 530 | IN | |
2024-04-23 23:15:34 UTC | 55 | IN |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 01:15:19 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 01:15:22 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 3 |
Start time: | 01:15:25 |
Start date: | 24/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff715980000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |